IANS | 12 Apr, 2024
The Indian Computer Emergency Response Team (CERT-In), which comes
under the Ministry of Electronics & Information Technology, on
Friday warned users of multiple vulnerabilities in Microsoft products
which could allow an attacker to obtain information disclosure, bypass
security restriction and cause denial-of-service (DoS) conditions on the
targeted system.
The products include -- Microsoft Windows, Microsoft Office,
Developer Tools, Azure, Brower, System Center, Microsoft Dynamics, and
Exchange Server.
"Multiple vulnerabilities have been reported in
Microsoft products which could allow an attacker to gain elevated
privileges, obtain information disclosure, bypass security restrictions,
conduct remote code execution attacks, perform spoofing attacks, or
cause denial of service conditions," said the CERT-In advisory.
In
Microsoft Windows, the cyber agency said the vulnerabilities exist due
to improper access restrictions within the proxy driver and insufficient
implementation of the Mark of the Web (MotW) feature.
The agency advised users to apply appropriate security updates as mentioned in the company's update guide.
Meanwhile,
CERT-In has warned users of multiple vulnerabilities in Android and
Mozilla Firefox web browsers which could allow an attacker to obtain
sensitive information, execute arbitrary code and cause DoS conditions
on the targeted system.
As per the advisory, 'Android 12, 12L, 13,
14', and 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox
ESR versions before 115.9.1' were the affected software versions,
respectively.
