CERT-In identifies multiple vulnerabilities in Microsoft products and Red Hat Linux Kernel 

CERT-In on Wednesday issued alerts for multiple vulnerabilities in Microsoft products including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel. The vulnerabilities are said to be used by remote attackers to access sensitive information and execute arbitrary code on Microsoft products while in Red Hat Linux Kernel they can be exploited to gain elevated privileges and access sensitive information 

Updated - August 12, 2022 07:24 pm IST

CERT-In on Wednesday issued alerts for multiple vulnerabilities in Microsoft products including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel

CERT-In on Wednesday issued alerts for multiple vulnerabilities in Microsoft products including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel | Photo Credit: Reuters

In Microsoft Products

Microsoft products include Windows, Microsoft Office, Microsoft Exchange server, Azure, System Centre Operations Manager, and Visual Studio, which can be exploited by an attacker to access sensitive information, bypass security restriction, perform denial of services and spoofing attacks or execute arbitrary codes on the targeted systems.  

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

On Microsoft Windows and Office, the vulnerabilities can be used by remote attackers to gain elevated privileges, disclose information by bypassing security restrictions and cause denial of services.

In Microsoft Exchange Server and Azure, the vulnerabilities can be used by attackers to disclose information by gaining elevated privileges on the targeted system. The high severity vulnerability in Microsoft Exchange can be used by an attacker to read email messages on targeted systems.  

The vulnerability in Exchange exists due to improper access restrictions and attackers are known to exploit this by enticing victims to open specially-crafted content. 

And while the vulnerabilities in System Centre Operations Manager can allow attackers to gain elevated privileges, in Visual Studio attackers can remotely execute codes to perform spoofing attacks. 

Vulnerabilities of high severity have also been reported in Microsoft Windows Support Diagnostic Tool (MSDT) which could allow a remote attacker to execute arbitrary code on the targeted system. 

According to CERT-In, this vulnerability exists due to a path transversal weakness and has been used by remote attackers by sending specially-crafted requests on targeted systems. 

Applying appropriate software updates has been recommended to fix the vulnerabilities.  

In Red Hat Linux Kernel

The vulnerabilities with medium severity in Red Hat Linux Kernel exist due to information leak in scsiioctIO); use-after-free in to new tfilter) in net/sched/cls_api.c; Incomplete cleanup of multi-core shared buffers (aka SBDR), microarchitectural fill buffers (aka BDS) and specific special register write operations (aka DRP. 

These vulnerabilities have been reported to be exploited by sending specially crafted requests to gain elevated privileges in targeted systems. 

Successful exploitation of these vulnerabilities can allow attackers to obtain sensitive information or gain elevated privileges.

Applying appropriate software patches has been suggested to fix these vulnerabilities. 

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.