Millions of users across India who rely on Microsoft Windows and Office products are facing serious cybersecurity risks, as highlighted in a recent advisory issued by the Indian Computer Emergency Response Team (CERT-In). The government has warned that multiple vulnerabilities have been identified in Microsoft products, posing potential threats to individual users, enterprises, and critical systems.

CERT-In Warns of Critical Microsoft Vulnerabilities in August 2025

The security bulletin, published by CERT-In in August 2025, warns that these vulnerabilities could be exploited by cybercriminals to gain unauthorized access, execute remote code, steal sensitive data, or bypass security measures. In more severe scenarios, attackers could even cause denial of service (DoS) conditions or tamper with key system settings-posing a critical risk to national and corporate cybersecurity frameworks.

Microsoft Windows, Office and Other Products Affected

The vulnerabilities affect a broad range of Microsoft products widely used by individuals and businesses alike. These include:

Microsoft Windows 10 and 11

Microsoft Office Suite (Word, Excel, PowerPoint, Outlook)

Microsoft Dynamics

Microsoft Edge browser

Device Developer Tools

Microsoft SQL Server

Implications for Users and Businesses

Both current and legacy systems are impacted, making the advisory relevant for nearly all Microsoft ecosystem users. Enterprise environments, in particular, may face heightened exposure due to the scale and interconnectivity of their systems.

CERT-In's bulletin outlines a range of attack possibilities stemming from these vulnerabilities. These include:

Remote Code Execution (RCE): Attackers could take control of a system remotely.

Privilege Escalation: Hackers may gain elevated access to critical functions.

Spoofing and Data Theft: Sensitive user data could be intercepted or forged.

System Tampering: Core configurations could be altered without user consent.

Service Disruption: Denial-of-service attacks could cripple operations.

For organizations, the risks are even more dire. A successful breach could result in ransomware attacks, intellectual property theft, financial loss, or massive data leaks, especially in sectors like finance, healthcare, education, and government.

Microsoft's Response and User Recommendations

Microsoft has acknowledged the vulnerabilities and has begun rolling out security updates for all affected products. The company is urging users to take immediate action to protect their systems.

Key recommendations include:

• Enable automatic updates in system settings to ensure timely installation of patches.
• Manually check for updates via Windows Update or the Microsoft Update Catalog.
• Reboot systems after applying updates to complete the patching process.
• Refer to Microsoft's August 2025 Update Guide for detailed instructions on updates specific to each product.

CERT-In's Advisory

The Indian cybersecurity agency's alert serves as a crucial reminder of the growing sophistication of cyberattacks and the importance of proactive defense measures. Both individual users and enterprise IT administrators are advised to remain vigilant, apply security patches without delay, and regularly monitor systems for unusual activity.