What is the Government warning for Windows Users and why is it important?
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued an advisory for all Windows users. Agency has hinted over a serious vulnerability in some Microsoft Windows, the most widely used computer operating system in the world. It is recorded that the error can affect the Windows Defender, the tool which guards Windows from malware, viruses, etc.
What is the warning ?
According to CERT-In and Microsoft experts, we have reached a period of high emergency. The vulnerability of the situation is high and can allow hackers to gain access to the victim’s computer, bypassing the security restrictions. It is observed that the flaw exists in the Credential Guard component of the Windows Defender. Hence, it allows a local authenticated attacker to bypass security restrictions and gain elevated privileges on the targeted system.
The bug responsible for the default falls under the category of zero-day vulnerability. This means that it is discovered only when it is exploited. By spoofing, it can pose like an authorized user and thus can gain access to the entire domain. Resulting, serious consequences for businesses and organizations, which use domains to govern all the machines or accounts connected under the system umbrella.
Analysis executed by different security researchers over the world states that this vulnerability is a variation of an earlier discovered vulnerability, around in the year 2021.
Which Windows versions are affected?
Data says, there are around 1.5 billion active users at the moment. And according to experts, the recently identified vulnerability affects around 43 versions of Microsoft versions. To check your device safety skim through the list of affected versions given by CERT-In below
- Windows 11 for ARM64-based Systems
- Windows 11 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 Version 21H2 for x64-based Systems
- Windows 10 Version 21H2 for ARM64-based Systems
- Windows 10 Version 21H2 for 32-bit Systems
- Windows 10 Version 20H2 for ARM64-based Systems
- Windows 10 Version 20H2 for 32-bit Systems
- Windows 10 Version 20H2 for x64-based Systems
- Windows 10 Version 21H1 for 32-bit Systems
- Windows 10 Version 21H1 for ARM64-based Systems
- Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core installation)
At present, the only measure advised by the CERT-In to protect devices against the vulnerability is to install the appropriate patch for the Windows Defender mentioned in Microsoft Security Bulletin.