The Indian Computer Emergency Response Team (CERT-In) has issued an advisory concerning a number of vulnerabilities affecting Microsoft’s Windows working methods. Two separate vulnerabilities had been present in varied builds of Windows 10, Windows 11, and Windows Server, the corporate’s platform for working network-based purposes. The cybersecurity company has flagged these vulnerabilities as medium threat. While no safety patches for them exist at the moment, Microsoft has launched a set of actions customers can take to safeguard themselves. Notably, CERT-In highlighted a number of safety flaws in older Apple working methods earlier this month.
CERT-In Issues Advisory for Microsoft Windows OS
In an advisory issued on Monday (August 12), the cybersecurity company highlighted two completely different vulnerabilities in Windows OS. These safety flaws can enable an attacker to achieve unauthorised privileges on the focused system.
“These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass VBS protections,” mentioned CERT-In.
The two vulnerabilities have been labelled CVE-2024-21302 and CVE-2024-38202 by the nodal company, which comes below the Ministry of Electronics and Information Technology (MeitY). Here, CVE stands for widespread vulnerabilities and exposures, and the format is a standardised technique of figuring out and describing safety flaws in software program. The full record of affected Windows software program is shared under.
- Windows Server 2016 (Server Core set up)
- Windows Server 2016
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core set up)
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 10 Version 22H2 for 32-bit Systems
- Windows 10 Version 22H2 for ARM64-based Systems
- Windows 10 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 10 Version 21H2 for x64-based Systems
- Windows 10 Version 21H2 for ARM64-based Systems
- Windows 10 Version 21H2 for 32-bit Systems
- Windows 11 model 21H2 for ARM64-based Systems
- Windows 11 model 21H2 for x64-based Systems
- Windows Server 2022 (Server Core set up)
- Windows Server 2022
- Windows Server 2019 (Server Core set up)
- Windows Server 2019
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
As per the advisory, at the moment, there are not any safety patches accessible for the safety flaws. While this presents a regarding state of affairs, the scope of the vulnerability will not be very vast because the attacker wants to carry some privilege throughout the system earlier than exploiting these flaws.
Microsoft has additionally posted a set of really helpful actions for every of the vulnerabilities to assist customers mitigate the potential for an assault. The tech large has additionally highlighted that the CVE shall be up to date and the customers shall be notified as soon as a safety replace is able to be shipped.
For the newest tech information and opinions, observe Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the newest movies on devices and tech, subscribe to our YouTube channel. If you wish to know every little thing about high influencers, observe our in-house Who’sThat360 on Instagram and YouTube.