Indian Computer Emergency Response Team (CERT-In) issues warning of critical vulnerability in Microsoft products, posing security risk

2 min. read

Published onJuly 13, 2023

published onJuly 13, 2023

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

As reported byOdishaTV, a new security concern involving certain Microsoft products has been highlighted by the Indian Computer Emergency Response Team (CERT-In).

The recently discovered vulnerability affects Microsoft Office and Windows HTML, enabling potential attackers to execute code remotely without physical access.

The vulnerability, identified and reported by CERT-In, allows unauthorized individuals to exploit the system and gain control over the affected device. This poses a significant risk to data security, potentially exposing sensitive information.

Several versions of Microsoft products are affected by this vulnerability, including:

The vulnerability within Microsoft Office and Windows HTML stems from inadequate validation of user-provided input during cross-protocol file navigation.

An attacker must persuade a victim to open a specifically crafted file to exploit this vulnerability. Through this weakness, the attacker can execute arbitrary code remotely, jeopardizing the security and reliability of the targeted system.

To mitigate the associated risks, CERT-In recommends the following crucial measures:

For organizations unable to implement these protections, CERT-In suggests adding the following application names as REG_DWORD values, each with a data value of 1, to the designated registry key:

By following these recommendations, users, and organizations can proactively address the risks posed by the Microsoft Office and Windows HTML vulnerability, enhancing their overall security posture.

Davesh Beri

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Davesh Beri

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Indian Computer Emergency Response Team (CERT-In) issues warning of critical vulnerability in Microsoft products, posing security risk#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Indian Computer Emergency Response Team (CERT-In) issues warning of critical vulnerability in Microsoft products, posing security risk