CERT-In Warns Windows Users of Vulnerabilities in Multiple Versions

The Indian Computer Emergency Response Team (CERT-In), the government’s cybersecurity agency, has recently issued a cautionary alert aimed at Windows users. This advisory highlights several vulnerabilities discovered across various versions of Microsoft Windows, which could potentially enable attackers to gain elevated privileges on targeted systems. The vulnerabilities are particularly concerning for Windows systems that utilize Virtualisation-Based Security (VBS) and Windows Backup functionalities.

Affected Windows Versions

The vulnerabilities span a wide array of Windows versions, including:

Windows 10: Versions 1607, 21H2, 22H2, and 1809, applicable to 32-bit, x64, and ARM64-based systems.
Windows 11: Versions 21H2, 22H2, and 24H2, for x64 and ARM64-based systems.
Windows Server: Windows Server 2016, 2019, 2022, including Server Core installations.

How to Stay Safe

As Microsoft has not yet rolled out security patches to address these vulnerabilities, users are encouraged to adopt several precautionary measures to safeguard their systems:

Activate Firewall and Update Antivirus: Ensure that your system’s firewall is activated and that you have updated antivirus software installed. These tools are essential for detecting and blocking malicious activities.
Be Vigilant Against Phishing Attempts: Cyber attackers often exploit vulnerabilities through deceptive emails and malicious links. Exercise caution when opening emails from unknown senders, and refrain from clicking on suspicious links or downloading unexpected attachments.
Disable Unused Features: If certain features, such as Virtualization-Based Security (VBS) or Windows Backup, are not in use, consider temporarily disabling them. This can help minimize the attack surface and lower the risk of exploitation.
Maintain Reliable Backups: Maintain a reliable and up-to-date backup of your important files. In the unfortunate event of a successful attack, having a backup can be crucial for quick data recovery.
Stay Informed: Stay informed about updates from Microsoft and CERT-In. Promptly apply any patches released to address these vulnerabilities as soon as they become available.

By taking these steps, users can significantly reduce the risk of falling victim to potential cyber-attacks targeting these newly discovered vulnerabilities. While the wait for official patches continues, vigilance and proactive measures remain the best defense.

How to download iCloud for Windows without Microsoft Store?

To download iCloud for Windows without using the Microsoft Store, visit the official Apple website. Navigate to the iCloud for Windows section and look for a standalone installer. Apple provides a direct download link for those who prefer not to use the Microsoft Store. Simply download the installer, run the file, and follow the on-screen instructions to complete the installation.

Where is Microsoft Picture Manager in Windows 10?

Microsoft Office Picture Manager is not included in Office 2013 and later versions nor in Windows 10 by default. However, you can install it as part of the SharePoint Designer 2010 or 2007 installation package. Download SharePoint Designer from the Microsoft website, run the installer, and select only Microsoft Office Picture Manager during the installation process.

Update: 13 Aug 2024