In its latest advisory, India’s nodal cybersecurity agency has warned about vulnerabilities in Microsoft products. The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology has said that the vulnerabilities in Microsoft products could allow an attacker to obtain information disclosure, bypass security restrictions, and cause denial-of-service (DoS) conditions on the targeted system.
The list of affected products includes Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Center, Microsoft Dynamics, and Exchange Server.
"Multiple vulnerabilities have been reported in Microsoft products which could allow an attacker to gain elevated privileges, obtain information disclosure, bypass security restrictions, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service conditions," said the CERT-In advisory.
As per the agency, the vulnerabilities on Microsoft Windows exist due to improper access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MotW) feature.
The agency advised users to apply appropriate security updates as mentioned in the company's update guide.
Meanwhile, CERT-In has warned users of multiple vulnerabilities in Android and Mozilla Firefox web browsers which could allow an attacker to obtain sensitive information, execute arbitrary code, and cause DoS conditions on the targeted system.
As per the advisory, 'Android 12, 12L, 13, 14', and 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1' were the affected software versions, respectively.
"Successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, and cause a denial-of-service condition on the targeted system," said the CERT-In advisory.
There are vulnerabilities present in Android that are caused by weaknesses in various components such as the Framework, System, MediaTek, Widevine, Qualcomm, and Qualcomm's closed-source components. Similarly, in Mozilla Firefox, vulnerabilities exist due to out-of-bounds access via Range Analysis bypass and Privileged JavaScript Execution through Event Handlers.
ALSO READ: Google rollouts Android 15's first public beta: Check new features, availability
Inputs from IANS
