The Indian government has issued a high-risk cyber security warning for Microsoft users across the country. The alert, flagged by the Indian Computer Emergency Response Team (CERT-In) on 18 August 2025, highlights multiple vulnerabilities affecting a wide range of Microsoft products, including Windows, Office, SQL Server, Dynamics, System Centre, Azure, and older versions under Extended Security Updates (ESU). With India being a key market for Microsoft and millions relying on its services, the scale of this vulnerability is significant. (Unsplash)

Vulnerabilities affecting Microsoft users

According to CERT-In, the vulnerabilities carry a high severity rating and pose a threat to both individuals and organisations. Microsoft confirmed that not only the Windows operating system and Office suite are impacted, but also browsers, developer tools, open-source software, and enterprise platforms such as Dynamics 365 and System Centre. Cloud services, including Microsoft Azure apps and server software, are also at risk.

This means potential exposure stretches from home users relying on Office and Windows for daily tasks to large organisations operating on enterprise-level Microsoft applications.

What attackers can do

The flaws could allow attackers to:

-Gain elevated privileges and bypass security controls.

-Steal sensitive information, documents, or login credentials.

-Execute malicious code remotely to compromise systems.

-Launch denial-of-service (DoS) attacks that crash critical applications.

-Spoof system settings or tamper with data integrity.

Such capabilities raise the risk of data leaks, ransomware attacks, and operational downtime, making this one of the most serious advisories of the year.

What CERT-In and Microsoft recommend

Both individual users and IT administrators have been urged to act immediately. For corporate networks, timely patching is critical to avoid large-scale breaches. Home users are also at risk if they fail to update their systems.

Microsoft has advised users to:

-Install the latest security patches without delay.

-Restrict administrative privileges to essential accounts only.

-Enable multi-factor authentication and maintain secure backups.

-Continuously monitor devices and networks for suspicious activity.

-Follow Microsoft’s official advisories for ongoing fixes and workarounds.

Why this matters

With India being a key market for Microsoft and millions relying on its services, the scale of this vulnerability is significant. Cyber experts warn that delayed updates could expose systems to attackers aiming to exploit the flaws for financial gain, espionage, or large-scale disruption.