Microsoft Windows Vulnerabilities Prompt Critical Cybersecurity Advisory
Microsoft Windows Vulnerabilities Identified
The government’s cybersecurity arm, CERT-In, has issued an advisory regarding significant vulnerabilities in specific versions of Microsoft Windows. These vulnerabilities could enable a hacker to gain elevated privileges on affected systems.
Affected Versions of Microsoft Windows
- Windows 10: Versions 1607, 1809, 21H2, 22H2
- Windows 11: Versions 21H2, 22H2, 23H2, 24H2
- Windows Server: 2016 (including Server Core installation), 2019 (including Server Core installation), 2022 (including 23H2 Edition and Server Core installation)
What the CERT-In Advisory States
CERT-In describes a privilege escalation vulnerability within the Microsoft Windows Kernel, rated as 'high' severity. Successful exploitation of this vulnerability could allow attackers to hijack user privileges on the designated system, with evidence suggesting active exploitation in the wild.
Necessary User Actions
To mitigate risks, Microsoft has rolled out patches to address these vulnerabilities. Users of impacted Windows versions should:
- Check for updates by selecting the Start button and navigating to Settings.
- Go to Update & Security and click on Windows Update.
- Install all available updates as soon as possible.
Additional Vulnerabilities Related to GitHub Enterprise Server
CERT-In has also flagged a vulnerability in GitHub Enterprise Server when using SAML authentication with specific identity providers. This could permit an attacker direct access to GitHub Enterprise Server, enabling them to forge a SAML response to gain user access with site administrator privileges.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.