The cybersecurity monitoring body of India, the CERT-In, has generated high-severity warnings regarding vulnerabilities in Google Chrome and Microsoft products impacting millions of users across the country. On August 18, the Computer Emergency Response Team issued advice that the vulnerabilities might allow an attacker to exploit them to conduct remote code execution, steal sensitive information, and compromise the entire system.
There is a common security vulnerability in Microsoft products
According to the Indian Express, the Indian Computer Emergency Response Team, which is commonly known as CERT-In, the nodal cybersecurity agency in the country, has issued a new high-risk alert to users and organisations that operate on Microsoft products. The intensive severity rating against which the advisory was issued on August 18 applies to well-known Microsoft software such as Windows, Office, Dynamics, Browser, Device, Developer Tools, SQL Server, System Center, Azure, and even legacy products.
CERT-In, the organisation operating under the Ministry of Electronics and Information Technology (MeitY), the vulnerability may enable the threat actors to gain higher privileges, access sensitive data, perform remote code execution attacks, perform spoofing attacks, and increase denial of service states, and even circumvent some of the available security limitations. Indeed, as it occurs, the vulnerability might also allow attackers to potentially breach the system, steal information, crash the system, and even execute a ransomware attack.
Remote code execution poses a threat to the stability of the systems in the country
As documented by CERT-In, the threat posed by the vulnerability is that of remote execution of code, system instability, and theft of sensitive data. These security exploits expose individuals and organisations since they are not tied to a single or two software products.
Desktop users of Google Chrome are affected by arbitrary code execution
According to CXO Digital Pulse, CERT-In has also provided a vulnerability note to Google Chrome desktop users, in which the attacker could potentially remotely execute arbitrary code against a system. On that note, this is a weakness that affects all end-user organisations and individuals using the desktop version of Google Chrome. The Indian Computer Emergency Response Team, or the nodal agency of the country on cybersecurity (CERT-In), issued a high-risk advisory to the users and organisations concerning security gaps in the Microsoft products.
Cybersecurity specialists emphasize the need to make timely updates
Further stressing the seriousness of the case, CERT-In said that the vulnerabilities provide open access to remote code execution, system instability, and stealing sensitive information. The vulnerability of individuals and enterprises is deemed to be risky because the risks are spread across various Microsoft applications. As the level of cyberattacks gets increasingly sophisticated, cybersecurity professionals emphasize that system maintenance is one of the most efficient methods to avoid exploitation.
IT administrators were encouraged to apply extensive security
Microsoft advises that in case you are using any of these products, then ensure you update the security patches as early as possible to seal the security loopholes. Should you be an IT administrator or part of a security team that maintains and updates Microsoft products, you can attempt to put administrator privileges on a select set of accounts, use strong authentication and backup mechanisms, and scout the network and devices for any foul play or network traffic.
The CERT-In advisories state that it is of vital concern to ensure effective cybersecurity operations within the digital infrastructure of India. With cyber threats constantly developing and targeting popular enterprise software, organizations are left with the need to place more emphasis on patching and full security provisions. The fact that both Microsoft products and Google Chrome were vulnerable simultaneously underscores the intertwining nature of current cybersecurity threats, including multidisciplinary work by IT departments on a national level.