The Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology (MeitY), has recently alerted users of Windows 10 and Windows 11 to two significant vulnerabilities within the operating system. This advisory serves as a crucial reminder of the ever-present need for vigilance in cybersecurity, particularly as these vulnerabilities could potentially allow an attacker to gain elevated privileges on affected systems.
In an advisory issued on August 12 and revised on August 14, CERT-In detailed the nature of these vulnerabilities, stating, “These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass VBS protections.” The agency further emphasized that successful exploitation could lead to unauthorized access and control over the targeted system.
Affected Windows Versions
The vulnerabilities impact a wide range of Windows builds, including:
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 10 Version 22H2 for 32-bit Systems
- Windows 10 Version 22H2 for ARM64-based Systems
- Windows 10 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 10 Version 21H2 for x64-based Systems
- Windows 10 Version 21H2 for ARM64-based Systems
- Windows 10 Version 21H2 for 32-bit Systems
- Windows 11 Version 21H2 for ARM64-based Systems
- Windows 11 Version 21H2 for x64-based Systems
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
Solution
Fortunately, Microsoft has responded proactively to these vulnerabilities. CERT-In has confirmed that the tech giant has implemented necessary fixes in the latest security patch. To safeguard against potential threats, Windows users are strongly advised to download and install the updates provided by Microsoft promptly.
This advisory highlights the importance of maintaining up-to-date systems and underscores the critical role of timely updates in protecting against cybersecurity threats. As technology continues to evolve, so too must our vigilance and responsiveness to emerging vulnerabilities.