Government issues security warning in Windows 10, Windows 11 and more
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding multiple vulnerabilities affecting Microsoft’s Windows operating systems. Two separate vulnerabilities were found in different builds of Windows 10, Windows 11 and Windows Server, the company’s platform for running network-based applications. The cybersecurity agency has flagged these vulnerabilities as medium risk. While there are currently no security patches available for them, Microsoft has issued a series of actions that users can take to protect themselves. Notably, CERT-In had earlier this month highlighted several security holes in older Apple operating systems.
CERT-In provides advice for Microsoft Windows OS
In a advisory Released on Monday (August 12), the cybersecurity agency highlighted two different vulnerabilities in Windows OS. These vulnerabilities could allow an attacker to gain unauthorized privileges on the targeted system.
“These vulnerabilities exist in Windows-based systems that support Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously fixed issues or bypass VBS protections,” CERT-In said.
The two vulnerabilities have been tagged as CVE-2024-21302 and CVE-2024-38202 by the nodal agency, which falls under the Ministry of Electronics and Information Technology (MeitY). CVE here stands for common vulnerabilities and exposures, and the format is a standardized method of identifying and describing security holes in software. The complete list of affected Windows software is shared below.
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows 10 version 1607 for x64-based systems
- Windows 10 version 1607 for 32-bit systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit systems
- Windows 11 version 24H2 for x64-based systems
- Windows 11 version 24H2 for ARM64-based systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 version 23H2 for x64-based systems
- Windows 11 version 23H2 for ARM64-based systems
- Windows 10 version 22H2 for 32-bit systems
- Windows 10 version 22H2 for ARM64-based systems
- Windows 10 version 22H2 for x64-based systems
- Windows 11 version 22H2 for x64-based systems
- Windows 11 version 22H2 for ARM64-based systems
- Windows 10 version 21H2 for x64-based systems
- Windows 10 version 21H2 for ARM64-based systems
- Windows 10 version 21H2 for 32-bit systems
- Windows 11 version 21H2 for ARM64-based systems
- Windows 11 version 21H2 for x64-based systems
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 version 1809 for ARM64-based systems
- Windows 10 version 1809 for x64-based systems
- Windows 10 version 1809 for 32-bit systems
According to the advisory, there are currently no security patches available for the vulnerabilities. While this is a worrying situation, the scope of the vulnerability is not very large, as the attacker must have certain privileges within the system before they can exploit these flaws.
Microsoft also has a series of recommended actions for each of the vulnerabilities to help users reduce the chances of an attack. The tech giant also stressed that the CVE will be updated and users will be notified once a security update is ready to be sent.
Follow Gadgets 360 for the latest tech news and reviews. X, Facebook, WhatsApp, Wires And Google News. For the latest videos on gadgets and technology, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who is that360 on Instagram And YouTube.
Nacon delays Terminator: Survivors until 2025, says game needs time to meet expectations
Itel A50, Itel A50C with Unisoc T603 SoC launched in India: Price, Specifications