The Indian government has issued a high-risk cybersecurity alert for Microsoft users nationwide. The warning, released by the Indian Computer Emergency Response Team (CERT-In) on August 18, 2025, points to multiple critical vulnerabilities affecting several Microsoft products. These include Windows, Office, SQL Server, Dynamics, System Center, Azure, and older versions receiving Extended Security Updates (ESU). CERT-In classifies the flaws as highly severe, posing threats to both individual users and organisations.
Microsoft has confirmed that the vulnerabilities affect not only Windows and Office but also browsers, developer tools, open-source platforms, and enterprise solutions like Dynamics 365. Cloud services, including Microsoft Azure, are also at risk. These vulnerabilities could allow hackers to gain elevated privileges, steal sensitive data, execute remote code, crash critical systems, or alter system settings — increasing the risk of ransomware, data breaches, and operational disruptions.
Both CERT-In and Microsoft advise users to install the latest security updates, limit admin access, enable multi-factor authentication, maintain regular backups, and monitor systems for threats. Timely action is essential, especially given India’s widespread reliance on Microsoft’s ecosystem.
