Indian Computer Emergency Response Team (CERT-In) issues warning of critical vulnerability in Microsoft products, posing security risk

News

Reading time icon 2 min. read

Calendar icon Published on

by Davesh Beri 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

As reported by OdishaTV, a new security concern involving certain Microsoft products has been highlighted by the Indian Computer Emergency Response Team (CERT-In).

The recently discovered vulnerability affects Microsoft Office and Windows HTML, enabling potential attackers to execute code remotely without physical access.

The vulnerability, identified and reported by CERT-In, allows unauthorized individuals to exploit the system and gain control over the affected device. This poses a significant risk to data security, potentially exposing sensitive information.

Several versions of Microsoft products are affected by this vulnerability, including:

  • Windows 10 (x64-based, 32-bit, and 22H2 versions)
  • Windows 11 (22H2 and ARM64-based versions)
  • Windows Server 2022 and 2019
  • Windows 10 (Version 21H2 and 1809)
  • Microsoft Word (2013 Service Pack 1 and 2016 editions)
  • Microsoft Office LTSC 2021 and 2019
  • Windows Server 2012, 2008 R2, and 2008
  • Windows Server 2016
  • Windows 10 (Version 1607)
  • Windows Server 2012 R2
  • Microsoft Office 2019

The vulnerability within Microsoft Office and Windows HTML stems from inadequate validation of user-provided input during cross-protocol file navigation.

An attacker must persuade a victim to open a specifically crafted file to exploit this vulnerability. Through this weakness, the attacker can execute arbitrary code remotely, jeopardizing the security and reliability of the targeted system.

To mitigate the associated risks, CERT-In recommends the following crucial measures:

  1. Users who have Microsoft Defender for Office installed are already protected against attachments attempting to exploit this vulnerability.
  2. Enabling the “Block all Office applications from creating child processes” Attack Surface Reduction Rule is strongly advised, as it effectively thwarts the exploitation of this vulnerability.

For organizations unable to implement these protections, CERT-In suggests adding the following application names as REG_DWORD values, each with a data value of 1, to the designated registry key:

  • Excel.exe
  • Graph.exe
  • MSAccess.exe
  • MSPub.exe
  • PowerPoint.exe
  • Visio.exe
  • WinProj.exe
  • WinWord.exe

By following these recommendations, users, and organizations can proactively address the risks posed by the Microsoft Office and Windows HTML vulnerability, enhancing their overall security posture.

Davesh Beri

Davesh Beri Shield