Windows Risk: The Indian Computer Emergency Response Team under the Ministry of IT has issued a new warning for Windows operating system users. The moderate severity warning is for Windows 10, Windows Server and newly launched Windows 11 operating system users. According to the warning, a vulnerability has been reported in the Windows DNS server that could be used by hackers to inject arbitrary code on the target system.
The warning states that this vulnerability exists in Windows DNS Server due to a deficiency in the DNS Server component. A remote hacker can exploit this vulnerability by sending a specially crafted request. Meaning the hacker can remotely enter his arbitrary code into the target system.
To avoid this, users should immediately install the latest update released by Microsoft. The official website of Indian Computer Emergency Response Team has links that can guide you to the update pages of the above mentioned app. Here is information about the exact versions of Windows 10, Windows Server and Windows 11 that are at risk.
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)Windows Server 2022
Apart from this, CERT-In has also issued a warning for the users of Google Chrome browser. According to the warning, a number of flaws have been reported in Google Chrome that could allow a remote hacker to enter arbitrary code, bypass security restrictions, or perform denial of service terms on a target system.
