The Government of India, through CERT-In, issued a high-risk cybersecurity warning on 18 August 2025, targeting millions of Microsoft users across the country.
This advisory highlights critical vulnerabilities spanning the Microsoft ecosystem—not only Windows and Office but also SQL Server, Dynamics, System Centre, Azure, and legacy systems under Extended Security Updates (ESU).The risks extend further, touching browsers, developer tools, open-source software, and enterprise-level platforms like Dynamics 365 and System Centre.
Potential threats identified by CERT-In include:
- Gaining elevated privileges and circumventing security controls
- Stealing sensitive data such as documents or login credentials
- Executing malicious code remotely to compromise systems
- Launching denial-of-service (DoS) attacks that disrupt operations
- Tampering with data integrity or spoofing system settings
These vulnerabilities pose grave risks—data breaches, ransomware, or prolonged downtime could follow, marking this advisory as one of 2025’s most severe.
Both CERT-In and Microsoft urge immediate action:
- Install the latest security patches without delay.
- Limit administrative privileges strictly to essential accounts.
- Enable multi-factor authentication and maintain secure backups.
- Monitor devices and networks for suspicious activity.
- Refer regularly to Microsoft’s official advisories for ongoing updates or workarounds.
The stakes are high in India—a key market where millions rely on Microsoft’s ecosystem. Individuals and organizations alike must act swiftly to stay protected.
Read more: link
