The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk advisory concerning multiple vulnerabilities identified in various Microsoft products. These security flaws could allow attackers to gain elevated privileges, execute remote code, access sensitive information, bypass security restrictions, manipulate data, perform spoofing attacks, and cause denial of service (DoS) on targeted systems.

According to CERT-In's advisory CIAD-2025-0008, the affected Microsoft products include:

  • Microsoft Azure
  • Microsoft Developer Tools
  • Microsoft Windows
  • Extended Security Updates (ESU) for legacy Microsoft products
  • Microsoft Office
  • Microsoft Mariner
  • Microsoft Apps for different platforms
  • Microsoft Devices

Among the reported vulnerabilities, CVE-2025-21391 and CVE-2025-21418 are particularly concerning. These vulnerabilities in Microsoft Windows could allow a local attacker to gain elevated privileges on the targeted system. Notably, these vulnerabilities have been reported to be exploited in the wild, increasing the urgency for remediation.

In response to these findings, CERT-In recommends that users and administrators apply the appropriate security updates as detailed in Microsoft's February 2025 security release notes. Prompt application of these updates is crucial to mitigate potential risks associated with these vulnerabilities.

For a comprehensive list of affected products, detailed descriptions of the vulnerabilities, and recommended solutions, users are advised to consult the official CERT-In advisory and Microsoft's security update guide.

Staying vigilant and ensuring that all systems are up-to-date with the latest security patches is essential in maintaining a secure computing environment.