CERT-In highlighted that no security patches for the vulnerabilities are available currently.
Microsoft has recommended specific actions for users to safeguard themselves
Photo Credit: Unsplash/Windows
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding multiple vulnerabilities affecting Microsoft's Windows operating systems. Two separate vulnerabilities were found in various builds of Windows 10, Windows 11, and Windows Server, the company's platform for running network-based applications. The cybersecurity agency has flagged these vulnerabilities as medium risk. While no security patches for them exist currently, Microsoft has released a set of actions users can take to safeguard themselves. Notably, CERT-In highlighted several security flaws in older Apple operating systems earlier this month.
In an advisory issued on Monday (August 12), the cybersecurity agency highlighted two different vulnerabilities in Windows OS. These security flaws can allow an attacker to gain unauthorised privileges on the targeted system.
“These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass VBS protections,” said CERT-In.
The two vulnerabilities have been labelled CVE-2024-21302 and CVE-2024-38202 by the nodal agency, which comes under the Ministry of Electronics and Information Technology (MeitY). Here, CVE stands for common vulnerabilities and exposures, and the format is a standardised method of identifying and describing security flaws in software. The full list of affected Windows software is shared below.
As per the advisory, currently, there are no security patches available for the security flaws. While this presents a concerning situation, the scope of the vulnerability is not very wide as the attacker needs to hold some privilege within the system before exploiting these flaws.
Microsoft has also posted a set of recommended actions for each of the vulnerabilities to help users mitigate the potential for an attack. The tech giant has also highlighted that the CVE will be updated and the users will be notified once a security update is ready to be shipped.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.