CERT-In warns of serious vulnerability in Windows, issues advisory to update security

The vulnerability affects a whopping 43 versions of Microsoft Windows, and, according to both CERT-In and Microsoft.

Gautam S. MengleUpdated: Wednesday, July 13, 2022, 09:46 AM IST
article-image
CERT-In warns of serious vulnerability in Windows, issues advisory to update security | Photo: Representative Image

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory stating that a serious vulnerability in Microsoft Windows, the most widely used computer operating system in the world, is currently being actively exploited by hackers.

Given the sheer number of consumers using Windows, CERT-In has recommended that users immediately install the latest security updates as well as mitigation measures.

The vulnerability affects a whopping 43 versions of Microsoft Windows, and, according to both CERT-In and Microsoft, could grant hackers control over entire domains if exploited successfully.

According to officials, it exists due to a flaw in the local security authority (LSA), which is a part of the Windows security infrastructure that governs all local security protocols.

“It has been reported that threat actors are actively exploiting the Windows LSA spoofing vulnerability which may allow an unauthenticated attacker to take over the entire Windows domain,” CERT-In’s advisory, which was issued on Monday night, says.

‘Spoofing’ the LSA means that an attacker, by exploiting the flaw, can pose as an authorised user and thus gain access to the entire domain This is all the more serious for businesses and organisations, which use domains to govern all the machines or accounts connected to their system.

The bug falls under the category of a zero-day vulnerability, which is a vulnerability that is discovered only when it is exploited. Further analysis by multiple security researchers around the globe has also shown that this vulnerability is a variation of an earlier-discovered vulnerability, which came to light in 2021.

(To receive our E-paper on whatsapp daily, please click here. To receive it on Telegram, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)

RECENT STORIES

'Not a diktat': Amid strong criticism, Sudhir Mungantiwar takes u-turn on his call to say 'Vande...

'Not a diktat': Amid strong criticism, Sudhir Mungantiwar takes u-turn on his call to say 'Vande...

Bihar cabinet expansion to take place tomorrow at 11:30 am

Bihar cabinet expansion to take place tomorrow at 11:30 am

Mumbai: War veterans and families of martyrs felicitated on Independence Day

Mumbai: War veterans and families of martyrs felicitated on Independence Day

Mumbai: FIR against singer Rahul Jain for raping costume stylist in his flat; he says allegation...

Mumbai: FIR against singer Rahul Jain for raping costume stylist in his flat; he says allegation...

Independence Day celebrations: India donates 15,000 bicycles to Madagascar

Independence Day celebrations: India donates 15,000 bicycles to Madagascar