The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-severity advisory (CIAD-2025-0028), warning users and organisations of multiple, high-impact vulnerabilities in a broad range of Microsoft offerings.
The advisory affects a wide spectrum of Microsoft software, including operating systems and Microsoft Office, Microsoft Dynamics, browsers, developer tools, SQL Server, server software, Azure, apps, and even legacy products under Extended Security Updates (ESU).
The vulnerabilities pose serious threats, such as remote code execution, elevated privilege exploitation, sensitive data disclosure, security restriction bypass, poofing attacks, denial-of-service scenarios, potential tampering with system settings.
Potential consequences include system compromise, data exfiltration, ransomware attacks, or destabilization of critical systems. CERT-In urges IT administrators, security teams, and end users to promptly apply relevant security patches provided by Microsoft. The advisory directs users to the official Microsoft Security Update Guide for comprehensive details on affected products, CVEs, and mitigations.
The affected Microsoft ecosystem, spanning desktops, enterprise solutions, and cloud infrastructure, amplifies the potential fallout from unaddressed vulnerabilities.
