India’s national cybersecurity agency, CERT-In, has issued a critical warning to Microsoft users regarding significant vulnerabilities detected across various popular products. The alert, classified as high-severity, was published on January 14 under the advisory CIAD-2026-0002, highlighting potential risks for a wide range of users.
Widespread Vulnerabilities Across Microsoft Products
According to CERT-In, the identified security flaws are not confined to a single software but affect numerous Microsoft offerings. The vulnerable products include the Windows operating system, Microsoft Office suite, Azure Services, SQL Server, developer tools, and systems utilizing Extended Security Updates (ESU). This comprehensive warning extends beyond large corporations and IT teams, emphasizing its relevance for everyday users who rely on Windows computers.
A particular concern is an actively exploited security flaw linked to the Windows Desktop Window Manager, identified as CVE-2026-20805. Attackers with local system access could exploit this vulnerability to covertly steal sensitive information, often without detection until substantial damage has occurred.
Potential Impact and User Recommendations
If these vulnerabilities are not addressed promptly, CERT-In warns of various cyberattack possibilities. These include remote code execution, unauthorized privilege escalation, identity spoofing, data theft, and even complete system crashes. Infected computers could also be leveraged to propagate ransomware or facilitate large-scale data breaches.
Given the risks, the agency stresses the importance of immediate action. Microsoft users are strongly advised to install the latest security updates released in January 2026 without delay. Additionally, limiting unnecessary system access, actively monitoring for suspicious activities, and maintaining updated systems are crucial preventative measures to protect against these severe cyber threats.
