New Delhi: The Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology (MeitY), has issued an urgent warning for Windows 10 and Windows 11 users.
The alert, first released on August 12 and updated on August 14, underscores critical vulnerabilities in these operating systems that could potentially allow attackers to gain “elevated privileges” on the compromised systems.
The advisory notes that the vulnerabilities affect systems utilizing Virtualization Based Security (VBS) and Windows Backup. If exploited, these vulnerabilities could enable cybercriminals to circumvent VBS protections or reintroduce issues that had been previously resolved, leading to unauthorized access and control of the affected systems.
The vulnerabilities pertain to various versions of Windows designed for both personal and server use.
The list of impacted versions is extensive and includes:
-
- Windows Server 2016 (Server Core installation)
-
- Windows 10 (Various versions including 1607, 1809, 21H2, 22H2, and 23H2)
-
- Windows 11 (Versions 21H2, 22H2, and 24H2 for x64 and ARM64-based systems)
-
- Windows Server 2019 (Server Core installation)
-
- Windows Server 2022 (Server Core installation and regular installation)
Recommended action:
CERT-In recommends that all impacted users promptly update their systems with the latest security patches released by Microsoft. The company has issued updates to rectify these vulnerabilities and shield users from possible exploitation.
Windows users should verify and install these updates to maintain the security of their systems and protect against these critical vulnerabilities.
