The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding vulnerabilities in Microsoft Windows. The vulnerabilities affect Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup, including versions Windows 10, 11, and 12, as well as Windows Server.

“These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass VBS protections,” said CERT-In.

The nodal agency has classified these vulnerabilities as medium risk. While security patches for the vulnerabilities are not yet available, Microsoft has released a list of measures that users can take to protect themselves. The two identified vulnerabilities in Windows OS are CVE-2024-21302 and CVE-2024-38202 (CVE stands for Common Vulnerabilities and Exposures). The affected Windows software versions include: