Urgent : Government Warns of Critical Security Risks in Microsoft Windows, Office, and Bing in CERT-In advisory

Critical Microsoft Vulnerabilities Exposed through CERT-In advisory: Act Now to Secure Your Systems!

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a critical security advisory( CERT-In advisory) warning individuals and organizations about multiple vulnerabilities found across various Microsoft products. These vulnerabilities pose severe risks, including unauthorized access to sensitive data, remote code execution, bypassing security controls, spoofing, tampering attacks, and triggering denial-of-service conditions.

As per the CERT-In advisory , The affected Microsoft products include Windows, Office, Dynamics, Bing browser, Developer tools, Azure, and various Microsoft applications. CERT-In’s statement highlights the gravity of the situation, stating,

“Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, conduct tampering attacks, or cause denial of service conditions.“

CERT-In advisory : Risks and Potential Consequences

Exploitation of these vulnerabilities can lead to disastrous consequences, such as financial losses, data theft, and unauthorized access to sensitive information. Malicious actors could potentially gain elevated privileges, execute remote code on vulnerable systems, bypass security restrictions, conduct spoofing and tampering attacks, or trigger denial-of-service conditions, causing systems to become unresponsive or crash.

According to a recent report by IBM Security, the average cost of a data breach in 2023 was a staggering $4.35 million, with the potential for even higher costs in the event of a severe breach involving critical systems or sensitive data. Furthermore, the report highlights that the healthcare industry faced the highest average cost of a data breach at $10.1 million, underscoring the importance of robust cybersecurity measures in protecting sensitive patient data.

Vulnerable Microsoft Products and CVE Identifiers

in CERT-In advisory, the CERT has provided a detailed list of the affected Microsoft products, their associated CVE (Common Vulnerabilities and Exposures) identifiers, and the potential impact of each vulnerability. The list includes:

• Microsoft Windows: CVE-2024-26238 (Critical – Remote Code Execution), CVE-2024-29994 (Elevation of Privilege), CVE-2024-29996 (Information Disclosure), CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30006, CVE-2024-30007, CVE-2024-30008, CVE-2024-30009, CVE-2024-30010, CVE-2024-30011, CVE-2024-30012, CVE-2024-30014, CVE-2024-30015, CVE-2024-30016, CVE-2024-30017, CVE-2024-30018, CVE-2024-30019, CVE-2024-30020, CVE-2024-30021, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30025, CVE-2024-30027, CVE-2024-30028, CVE-2024-30029, CVE-2024-30031, CVE-2024-30032, CVE-2024-30033, CVE-2024-30034, CVE-2024-30035, CVE-2024-30036, CVE-2024-30037, CVE-2024-30038, CVE-2024-30039, CVE-2024-30040, CVE-2024-30049, CVE-2024-30050, CVE-2024-30051 (Security Feature Bypass, Denial of Service).
• Microsoft Office: CVE-2024-30042, CVE-2024-30043, CVE-2024-30044 (High – Remote Code Execution, Information Disclosure).
• Microsoft Dynamics: CVE-2024-30047, CVE-2024-30048 (High – Spoofing).
• Microsoft Power BI Client: CVE-2024-30054 (High – Information Disclosure).
• Browser: CVE-2024-4761 (High – Remote Code Execution).
• Developer Tools: CVE-2024-30045, CVE-2024-30046, CVE-2024-32002, CVE-2024-32004 (High – Remote Code Execution, Denial of Service).
• ESU (Extended Security Updates): CVE-2024-29996, CVE-2024-30008, CVE-2024-30009, CVE-2024-30010, CVE-2024-30011, CVE-2024-30014 (High – Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service).
• Azure: CVE-2024-30053 (High – Cross-Site Scripting Vulnerability).
• Apps: CVE-2024-30041, CVE-2024-30059 (High – Spoofing, Tampering).

The table below provides a summary of the affected Microsoft products and the associated vulnerabilities as per CERT-In advisory:

Microsoft Product	Vulnerability Type	CVE Identifiers
Windows	Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service	CVE-2024-26238, CVE-2024-29994, CVE-2024-29996, CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30006, CVE-2024-30007, CVE-2024-30008, CVE-2024-30009, CVE-2024-30010, CVE-2024-30011, CVE-2024-30012, CVE-2024-30014, CVE-2024-30015, CVE-2024-30016, CVE-2024-30017, CVE-2024-30018, CVE-2024-30019, CVE-2024-30020, CVE-2024-30021, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30025, CVE-2024-30027, CVE-2024-30028, CVE-2024-30029, CVE-2024-30031, CVE-2024-30032, CVE-2024-30033, CVE-2024-30034, CVE-2024-30035, CVE-2024-30036, CVE-2024-30037, CVE-2024-30038, CVE-2024-30039, CVE-2024-30040, CVE-2024-30049, CVE-2024-30050, CVE-2024-30051
Office	Remote Code Execution, Information Disclosure	CVE-2024-30042, CVE-2024-30043, CVE-2024-30044
Dynamics	Spoofing	CVE-2024-30047, CVE-2024-30048
Power BI Client	Information Disclosure	CVE-2024-30054
Browser	Remote Code Execution	CVE-2024-4761
Developer Tools	Remote Code Execution, Denial of Service	CVE-2024-30045, CVE-2024-30046, CVE-2024-32002, CVE-2024-32004
ESU (Extended Security Updates)	Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service	CVE-2024-29996, CVE-2024-30008, CVE-2024-30009, CVE-2024-30010, CVE-2024-30011, CVE-2024-30014
Azure	Cross-Site Scripting Vulnerability	CVE-2024-30053
Apps	Spoofing,Tampering	CVE-2024-30041, CVE-2024-30059

Recent Cyber Attack Incidents Highlighting the Urgency

The severity of these vulnerabilities cannot be overstated, as recent cyber attacks have demonstrated the devastating consequences of such security breaches. One notable incident occurred in March 2024, when a major healthcare provider in the United States fell victim to a ransomware attack exploiting vulnerabilities in their Microsoft Windows systems. The attack resulted in the encryption of critical patient data and disrupted essential medical services, potentially putting lives at risk.

In another high-profile case, a multinational corporation suffered a significant data breach in January 2024, exposing sensitive financial records and trade secrets. Investigations revealed that the breach was facilitated by a remote code execution vulnerability in Microsoft Office, allowing attackers to gain unauthorized access to the company’s internal systems.

These incidents serve as stark reminders of the real-world implications of failing to address such vulnerabilities promptly. The consequences can range from financial losses and reputational damage to disruptions in critical infrastructure and services.

Mitigating the Risks: Recommendations and Best Practices

To mitigate the risks associated with these vulnerabilities, in CERT-In advisory the users have been advised to take the following proactive measures:

1. Regular Software Updates: Ensure that all software, including operating systems, applications, and security software, are updated regularly. Software updates often include patches that address known vulnerabilities. Set up automatic updates or establish a regular schedule for manually checking and installing updates.
2. Strong and Unique Passwords: Use strong, unique passwords for all accounts containing sensitive information, and change them regularly. Avoid using easily guessable information, such as personal details or common words. Consider using a reputable password manager to generate and securely store complex passwords.
3. Enable Two-Factor Authentication (2FA): Activate 2FA wherever possible, adding an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. This can significantly reduce the risk of unauthorized access, even if your password is compromised.
4. Install and Maintain Antivirus Software: Use comprehensive antivirus software from reputable vendors to detect and remove malware. Ensure that the software is always up to date with the latest virus definitions and security updates to protect against the latest threats.
5. Exercise Caution with Links and Emails: Beware of phishing emails and suspicious links. Do not click on links or download attachments from unknown or untrusted sources, as they may contain malware or lead to malicious websites designed to exploit vulnerabilities.
6. Backup Data Regularly: Regularly back up important data to an external drive or cloud service. This can help recover data in the event of a ransomware attack, system failure, or other data loss incidents. Implement a robust backup strategy and test the restoration process periodically.
7. Monitor Accounts and Systems: Regularly review account statements, system logs, and security alerts for any unusual activity. Early detection of suspicious activities can prevent more severe breaches and minimize the potential impact.
8. Secure Network Devices: Ensure that all network devices, such as routers and firewalls, are securely configured and regularly updated. Change default passwords and disable unnecessary services to reduce the attack surface.
9. Implement Access Controls: Limit access to sensitive systems and data to only those individuals who require it for their job duties. Regularly review and update access privileges to ensure that they remain appropriate and aligned with the principle of least privilege.
10. Incident Response Plan: Develop and maintain an incident response plan that outlines the steps to be taken in the event of a security breach or cyber attack. This plan should include procedures for containment, investigation, communication, and recovery efforts.

By following these recommendations and best practices, individuals and organizations can significantly reduce the risk of falling victim to cyber attacks exploiting the vulnerabilities identified by CERT-In in various Microsoft products.

Continuous Monitoring and Collaboration

It is crucial to stay informed about the latest security advisories, updates, and best practices related to cybersecurity. CERT-In and other security organizations regularly release advisories and provide guidance on addressing emerging threats and vulnerabilities.

Additionally, collaboration and information sharing among industry partners, government agencies, and security researchers can enhance the collective understanding of cyber threats and facilitate the development of effective countermeasures.

By fostering a culture of cybersecurity awareness, proactive risk management, and continuous improvement, individuals and organizations can better protect themselves from the evolving landscape of cyber threats and ensure the resilience of their systems and data.

Frequently Asked Questions(FAQs)

Q. What is the significance of CERT-In’s security advisory regarding Microsoft vulnerabilities?
A. CERT-In’s advisory highlights multiple severe vulnerabilities across various Microsoft products that could allow cyber attackers to gain elevated system privileges, access sensitive data, conduct remote code execution attacks, bypass security restrictions, perform spoofing and tampering attacks, or trigger denial-of-service conditions.

Q. Which Microsoft products are affected by these critical security vulnerabilities?
A. The affected Microsoft products include Windows operating system, Office suite, Dynamics business applications, Bing web browser, Developer tools, Azure cloud platform, and various Microsoft apps, encompassing a wide range of widely-used software and services.

Q. What are the potential consequences of exploiting these Microsoft product vulnerabilities?
A. Successful exploitation of these vulnerabilities can lead to disastrous outcomes such as financial losses due to data breaches, theft of sensitive information, unauthorized access to critical systems, disruption of essential services through denial-of-service attacks, and compromised data integrity through tampering.

Q. How can individuals and organizations mitigate the risks posed by these Microsoft vulnerabilities?
A. To reduce the risk of cyber attacks exploiting these vulnerabilities, CERT-In recommends regularly updating software with security patches, using strong and unique passwords, enabling multi-factor authentication, installing and maintaining antivirus protection, exercising caution with suspicious links and emails, regularly backing up data, monitoring systems for unusual activity, and securing network devices.

Q. What is the importance of regularly updating software to address Microsoft vulnerabilities?
A. Software updates often include security patches that address known vulnerabilities by fixing coding flaws or implementing additional security controls. Regularly updating software ensures that systems are protected against the latest disclosed vulnerabilities and potential cyber threats.

Q. Why is enabling two-factor authentication (2FA) recommended for Microsoft product users?
A. Enabling 2FA adds an extra layer of security by requiring a second form of verification, such as a one-time code sent to a user’s phone, in addition to a password. This significantly reduces the risk of unauthorized access, even if a password is compromised through a data breach or phishing attack.

Q. How can effective collaboration and information sharing help address Microsoft vulnerabilities?
A. Collaborating and sharing information among industry partners, government agencies, security researchers, and Microsoft itself can enhance collective understanding of cyber threats, facilitate the development of effective countermeasures, and promote timely dissemination of security advisories and best practices related to addressing critical vulnerabilities in Microsoft products.