Indian government has serious warning for these laptops and desktops: Check if your devices are affected and tips to stay protected

Laptop

The Indian government issued a high-severity cybersecurity warning earlier this month for users of Microsoft products, especially those running Windows on laptops and desktops. The alert highlights multiple vulnerabilities that could allow attackers to gain system access, steal data, or crash systems. But the issue isn’t limited to Windows-powered devices. This also extends to other laptops and desktops running operating systems other than Windows and supports Office, Azure and other apps and services from Microsoft.

Check if you are affected

The vulnerabilities impact a wide range of Microsoft software, including:
• Microsoft Windows
• Microsoft Office
• Microsoft Azure
• Microsoft Developer Tools
• Microsoft Dynamics
• Microsoft Apps
• Microsoft System Center
• Extended Security Updates (ESU) for legacy Microsoft products

These vulnerabilities apply to both individual users and organisations running Microsoft systems.

What the government has said

According to the advisory, the vulnerabilities may allow attackers to:
• Execute remote code
• Gain elevated privileges
• Access sensitive information
• Bypass security restrictions
• Conduct spoofing attacks
• Cause denial-of-service (DoS) conditions

The government has assigned these flaws a high severity rating, citing potential risks such as data leaks, ransomware attacks, and major disruptions to system stability.

What you can do

The Indian Computer Emergency Response Team (CERT-In) urges all affected users to apply the latest security patches issued by Microsoft.
System administrators and IT teams should verify patch deployment, monitor logs for anomalies, and limit exposure to sensitive assets. Users are also advised to avoid clicking suspicious links and to maintain up-to-date antivirus solutions.

Why these security issues exist

Such vulnerabilities usually arise from flaws in code, insecure configurations, or insufficient validation in core components of software. In this case, key Microsoft services are affected, making it essential for users to take swift preventive action to avoid potential exploitation.