The National Computer Emergency Response Team (NCERT) has issued a Cyber Security Advisory alerting the public about critical vulnerabilities identified in Microsoft products.
The advisory highlights the urgent need for users and administrators to update their devices and applications with the latest patches released by Microsoft.
According to the advisory, Microsoft has addressed a total of 61 vulnerabilities, including two critical flaws that are actively being exploited by malicious actors. These critical vulnerabilities are identified as CVE-2024-21334, which concerns the Microsoft Open Management Infrastructure Remote Code Execution Vulnerability, and CVE-2024-21400, addressing the Microsoft Azure Kubernetes Privilege Escalation Vulnerability.
The exploitation of these vulnerabilities poses significant risks to the security and integrity of systems and data. Attackers could potentially execute arbitrary code remotely or escalate privileges within Azure Kubernetes environments, leading to unauthorized access and potential compromise of sensitive information.
In response to the severity of these vulnerabilities, the NCERT has urged administrators and users of all Microsoft products to take immediate action by applying the necessary patches provided by Microsoft. Failure to do so could leave systems and networks vulnerable to exploitation by cybercriminals.
Furthermore, the NCERT has taken proactive steps to disseminate this advisory to Federal Ministries and all provincial governments, emphasizing the importance of sharing this critical information with all relevant stakeholders within their respective organizations. It is crucial for all departments and affiliated entities to prioritize the implementation of protective measures outlined in the advisory to mitigate the risk of exploitation.
