The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for users of Microsoft Windows and Office products. The advisory, published in July 2025, outlines multiple security flaws that could allow attackers to gain access to sensitive data, execute malicious code, or disrupt essential services. These vulnerabilities impact both individual users and enterprise environments using Microsoft’s suite of software and cloud tools.
What the CERT-In alert says
According to CERT-In, multiple vulnerabilities exist across Microsoft products that may enable attackers to:
Gain elevated privileges
Extract sensitive information
Execute remote code
Bypass security measures
Launch spoofing attacks
Cause denial-of-service (DoS)
Tamper with system settings
These flaws have been classified as high-risk and require immediate attention from users to prevent exploitation.
Who is affected?
The vulnerabilities impact a broad range of Microsoft offerings, including:
Microsoft Windows (all supported versions)
Microsoft Office (Word, Excel, Outlook)
Microsoft Dynamics
Azure cloud services
Microsoft SQL Server
System Centre and Developer Tools
Extended Security Update (ESU) programs for older Windows versions
Microsoft Edge browser and other Microsoft apps
If you own a Windows PC or use Microsoft Office or any related service, your device could be vulnerable.
How attackers can exploit the flaws
CERT-In notes that these flaws can be exploited in multiple ways. A remote attacker may craft malicious inputs to gain unauthorised access, disrupt operations, or steal confidential information. Some attacks may not require user interaction, making them particularly dangerous in corporate settings where mass deployment is involved.
What Microsoft says
Microsoft has acknowledged these vulnerabilities and published a detailed security update guide. The company has also issued fixes via the latest cumulative updates for Windows and other affected platforms. Microsoft claims there is currently no evidence of active exploitation in the wild, but stresses that users should act immediately.
What should users do?
To safeguard your systems, CERT-In recommends the following steps:
Ensure Windows and Office are fully updated
Enable auto-updates through Settings
Reboot your system after installing updates
Avoid downloading files or clicking links from unknown sources
Use updated antivirus software and firewalls
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
