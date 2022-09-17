CERT-In detected vulnerabilities in some of the most popular products of Microsoft | Photo Credit: Reuters

CERT-In detected vulnerabilities in some of the most popular products of Microsoft including Windows, Office that could be exploited by hackers to steal sensitive information.

ADVERTISEMENT

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Vulnerability notes from CERT-In on Wednesday classified the threats in the High category. The note stated that attackers could exploit these vulnerabilities to escalate privileges, execute arbitrary code, disclose sensitive information, bypass security restrictions and perform denial of services (DoS) on targeted systems.

In Microsoft Windows and Office, the vulnerability was found to impact the security of these products. Cybercriminals could use this security flaw to remotely execute codes on the targeted systems and even access the information on the compromised system.

ADVERTISEMENT

In Microsoft Visual Studio the vulnerability could allow attackers to gain elevated privileges and cause denial of services.

Similar lapses in the security of software including Microsoft SharePoint, Dynamic CRM, .NET Framework were also reported by CERT-In.

In its blog on Wednesday, Cybersecurity company Kaspersky also stated that they found 64 vulnerabilities affecting Windows Defender and Azure along with other Microsoft products. Some vulnerabilities were specific to ARM 64 based systems on Windows 11.

Microsoft on Tuesday had released security updates to fix these vulnerabilities in its products including Windows, Office, SharePoint, Visual Studio, Dynamics CRM, .NET Framework and others.

However, Kaspersky noted that the existence of some of the vulnerabilities might have been publicly disclosed before the security patch was released but their use by attackers has not been reported so far.