Indian Football in Crisis: AIFF Under Fire for Poor Leadership and Administrative Failures

CERT-In has issued a high-severity warning for users of Microsoft Windows and Office products due to critical flaws that could allow attackers to steal data, run malicious code, or bypass system protections. The vulnerabilities impact a broad range of Microsoft offerings, including Windows, Office, Dynamics, Azure, SQL Server, and Edge browser. Users are urged to apply the latest cumulative updates and keep their systems fully updated, turn on automatic updates, restart devices after updates, and refrain from opening files or clicking on links from untrusted sources.

The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for users of Microsoft Windows and Office products. This advisory, published in July 2025, outlines multiple security flaws that could allow attackers to gain access to sensitive data, execute malicious code, or disrupt essential services. These vulnerabilities impact both individual users and enterprise environments using Microsoft’s suite of software and cloud tools [1].

Impact and Vulnerabilities

According to CERT-In, multiple vulnerabilities exist across Microsoft products that may enable attackers to:
- Gain elevated privileges
- Extract sensitive information
- Execute remote code
- Bypass security measures
- Launch spoofing attacks
- Cause denial-of-service (DoS)
- Tamper with system settings [1]

These flaws have been classified as high-risk and require immediate attention from users to prevent exploitation. The vulnerabilities impact a broad range of Microsoft offerings, including:
- Microsoft Windows (all supported versions)
- Microsoft Office (Word, Excel, Outlook)
- Microsoft Dynamics
- Azure cloud services
- Microsoft SQL Server
- System Centre and Developer Tools
- Extended Security Update (ESU) programs for older Windows versions
- Microsoft Edge browser and other Microsoft apps [1]

Microsoft's Response

Microsoft has acknowledged these vulnerabilities and published a detailed security update guide. The company has also issued fixes via the latest cumulative updates for Windows and other affected platforms. Microsoft claims there is currently no evidence of active exploitation in the wild, but stresses that users should act immediately [1].

User Recommendations

To safeguard your systems, CERT-In recommends the following steps:
- Ensure Windows and Office are fully updated
- Enable auto-updates through Settings
- Reboot your system after installing updates
- Avoid downloading files or clicking links from unknown sources
- Use updated antivirus software and firewalls [1]

Patch Tuesday Update

July’s Patch Tuesday marks a significant escalation in vulnerability severity, with Microsoft addressing 130 vulnerabilities, including a publicly disclosed zero-day vulnerability and a critical wormable remote code execution flaw that could soon be weaponized [2]. This month’s release breaks an 11-month streak of Microsoft addressing zero-day vulnerabilities that are Under Active Exploitation yet system admins and patch teams should not let the lack of any detected exploitation of these vulnerabilities delay addressing them.

Conclusion

The current environment necessitates heightened vigilance. Users are urged to apply the latest cumulative updates and keep their systems fully updated. Turning on automatic updates, restarting devices after updates, and refraining from opening files or clicking on links from untrusted sources are crucial steps to mitigate the risks posed by these vulnerabilities.

References
[1] https://www.moneycontrol.com/technology/indian-government-issues-warning-for-millions-of-windows-laptops-pc-office-users-here-s-what-you-need-to-do-article-13280724.html
[2] https://www.n-able.com/blog/patch-tuesday-july-2025-no-active-exploitation-of-zero-days-belies-importance-of-addressing-wormable-rce-flaw