Microsoft tools like Windows, Office, Outlook pose high risk: CERT-In

The cybersecurity agency CERT-In, or the Indian Computer Emergency Response Team, has issued a high-security warning to Microsoft users in the country against potential hacking and remote theft of data.

The agency has detected severe vulnerabilities in Microsoft products such as Windows OS, MS Office, Bing, Outlook, Azure, Microsoft Developer Tools, System Center, Microsoft Dynamics and Exchange Server. The vulnerabilities listed on the CERT-In website could give hackers the power to bypass security restrictions, gain control of a user’s computer remotely and access information.

The CERT-In warning outlined: “The vulnerabilities exist due to improper access restrictions within the proxy driver and insufficient implementations of the Mark of the Web (MotW) feature in Microsoft Windows. The SmartScreen security feature protection mechanism bypasses the MotW feature and allows the malware to execute on a target system. The threat actors may exploit these vulnerabilities by sending specially crafted requests. Successful exploitations of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security features and compromise the targeted system.”

The CERT-In warning is relevant because there has been a gradual rise in cybercrimes over the past decade with the increasing use of smartphones and laptops at work as well as for the purpose of entertainment. Cyber theft of private as well as financial data is on the rise.

The vulnerabilities reported in Microsoft Products, according to the CERT-In website, could actually enable a hacker to “perform spoofing attacks or cause denial of service conditions”. A hacker could trick the computer user into clicking on bogus links, too, and shut down a computer remotely.