Government issues Warning for Microsoft Office and Windows HTML users

A recent warning from CERT-In highlights a newly discovered vulnerability in several Microsoft products, including Microsoft Office and Windows HTML. This vulnerability potentially enables remote attackers to execute unauthorized code on targeted systems, posing a risk to data and device security.

CERT-In is a nodal agency under the Ministry of Electronics and Information Technology. It deals with cybersecurity threats like phishing and hacking.

The Applications of Microsoft Office and Windows HTML affected are -  

Windows 10 for x64-based Systems 

Windows 10 for 32-bit Systems 

Windows 10 Version 22H2 for 32-bit Systems 

Windows 10 Version 22H2 for ARM64-based Systems 

Windows 10 Version 22H2 for x64-based Systems 

Windows 11 Version 22H2 for x64-based Systems 

Windows 11 Version 22H2 for ARM64-based Systems 

Windows 10 Version 21H2 for x64-based Systems 

Windows 10 Version 21H2 for ARM64-based Systems 

Windows 10 Version 21H2 for 32-bit Systems 

Windows 11 version 21H2 for ARM64-based Systems 

Windows 11 version 21H2 for x64-based Systems 

Windows Server 2022 (Server Core installation) 

Windows Server 2022 

Windows Server 2019 (Server Core installation) 

Windows Server 2019 

Windows 10 Version 1809 for ARM64-based Systems 

Windows 10 Version 1809 for x64-based Systems 

Windows 10 Version 1809 for 32-bit Systems 

Microsoft Word 2013 Service Pack 1 (64-bit editions) 

Microsoft Word 2013 Service Pack 1 (32-bit editions) 

Microsoft Word 2016 (64-bit edition) 

Microsoft Word 2016 (32-bit edition) 

Microsoft Office LTSC 2021 for 32-bit editions 

Microsoft Office LTSC 2021 for 64-bit editions 

Microsoft Office 2019 for 64-bit editions 

Windows Server 2012 

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 

Windows Server 2008 R2 for x64-based Systems Service Pack 1 

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 

Windows Server 2008 for x64-based Systems Service Pack 2 

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 

Windows Server 2008 for 32-bit Systems Service Pack 2 

Windows Server 2016 (Server Core installation) 

Windows Server 2016 

Windows 10 Version 1607 for x64-based Systems 

Windows 10 Version 1607 for 32-bit Systems 

Windows Server 2012 R2 

Windows Server 2012 (Server Core installation) 

Microsoft Office 2019 for 32-bit editions 

Windows Server 2012 R2 (Server Core installation) 

CERT-In has advised that users who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.