Government Issues Security Warning in Windows 10, Windows 11 and More

The Indian Laptop Emergency Response Crew (CERT-In) has issued an advisory relating to a number of vulnerabilities affecting Microsoft’s Home windows working programs. Two separate vulnerabilities have been present in varied builds of Home windows 10, Home windows 11, and Home windows Server, the corporate’s platform for operating network-based functions. The cybersecurity company has flagged these vulnerabilities as medium threat. Whereas no safety patches for them exist at the moment, Microsoft has launched a set of actions customers can take to safeguard themselves. Notably, CERT-In highlighted a number of safety flaws in older Apple working programs earlier this month.

CERT-In Points Advisory for Microsoft Home windows OS

In an advisory issued on Monday (August 12), the cybersecurity company highlighted two completely different vulnerabilities in Home windows OS. These safety flaws can permit an attacker to achieve unauthorised privileges on the focused system.

“These vulnerabilities exist in Home windows-based programs supporting Virtualization Primarily based Safety (VBS) and Home windows Backup. An attacker with applicable privileges may exploit these vulnerabilities to reintroduce beforehand mitigated points or bypass VBS protections,” stated CERT-In.

The 2 vulnerabilities have been labelled CVE-2024-21302 and CVE-2024-38202 by the nodal company, which comes below the Ministry of Electronics and Data Know-how (MeitY). Right here, CVE stands for widespread vulnerabilities and exposures, and the format is a standardised technique of figuring out and describing safety flaws in software program. The complete listing of affected Windows software program is shared under.

• Home windows Server 2016 (Server Core set up)
• Home windows Server 2016
• Home windows 10 Model 1607 for x64-based Methods
• Home windows 10 Model 1607 for 32-bit Methods
• Home windows 10 for x64-based Methods
• Home windows 10 for 32-bit Methods
• Home windows 11 Model 24H2 for x64-based Methods
• Home windows 11 Model 24H2 for ARM64-based Methods
• Home windows Server 2022, 23H2 Version (Server Core set up)
• Home windows 11 Model 23H2 for x64-based Methods
• Home windows 11 Model 23H2 for ARM64-based Methods
• Home windows 10 Model 22H2 for 32-bit Methods
• Home windows 10 Model 22H2 for ARM64-based Methods
• Home windows 10 Model 22H2 for x64-based Methods
• Home windows 11 Model 22H2 for x64-based Methods
• Home windows 11 Model 22H2 for ARM64-based Methods
• Home windows 10 Model 21H2 for x64-based Methods
• Home windows 10 Model 21H2 for ARM64-based Methods
• Home windows 10 Model 21H2 for 32-bit Methods
• Home windows 11 model 21H2 for ARM64-based Methods
• Home windows 11 model 21H2 for x64-based Methods
• Home windows Server 2022 (Server Core set up)
• Home windows Server 2022
• Home windows Server 2019 (Server Core set up)
• Home windows Server 2019
• Home windows 10 Model 1809 for ARM64-based Methods
• Home windows 10 Model 1809 for x64-based Methods
• Home windows 10 Model 1809 for 32-bit Methods

As per the advisory, at the moment, there aren’t any safety patches out there for the safety flaws. Whereas this presents a regarding scenario, the scope of the vulnerability just isn’t very extensive because the attacker wants to carry some privilege inside the system earlier than exploiting these flaws.

Microsoft has additionally posted a set of really useful actions for every of the vulnerabilities to assist customers mitigate the potential for an assault. The tech big has additionally highlighted that the CVE will probably be up to date and the customers will probably be notified as soon as a safety replace is able to be shipped.