CERT-In issues warnings threatening Adobe, Microsoft and others

CERT-In has recently issued warnings threatening many software including Adobe and Microsoft products

CERT-In (Computer Emergency Response Team), on their website, has shared a number of risks affecting products from Citrix, Adobe, Microsoft, and Zimbra webmail. These alarming warnings have emerged as part of incident prevention and security quality management services from the organization.

Citrix Products

Dangers to Citrix products are reported to affect Citrix Products Delivery Management (ADM) Products and may be used by attackers to cause security breaches and denial of service to the affected systems.

The vulnerability according to the CERT-In report allows attackers to ask for the system to be corrupted and to reset the administrator password to restart the next device. “Successful exploitation of this vulnerability may allow the remote control attacker to bypass security and cause uncontrolled access to the affected device,” the report said.

Risk can also be used to submit a specially designed application to prevent new licenses being renewed or issued and may result in the denial of services to the affected system.

Adobe Products

In Adobe products, vulnerabilities have been reported in many software that could be exploited by attackers to gain higher rights, create incorrect code, write unwanted files in the file system and cause memory leaks in the target system.

These threats, according to the report, exist due to improper input verification, improper authorization, overflow and over-exploitation by attackers by forcing the victim to open specially designed files or applications that may allow attackers to gain maximum privileges and capabilities. can be used to cause memory leakage. Software updates and security patches from Adobe are identified as a risky solution.

Microsoft products

At Microsoft products, threats are reported to Microsoft Windows, Office Microsoft Net Framework, Microsoft Azure, SharePoint Server, SQL Server, Microsoft 365, Microsoft Visual Studio, Microsoft System Center Operations Manager, and Microsoft Browser.

These threats expose the systems affected by the attack in order to access sensitive information, exceed security restrictions, create denial of services and perform Spoofing attacks or create targeted systems. The report also provided solutions to these risks through the June 2022 software updates released by Microsoft on their official website.

Zimbra Web Email

CERT-In has also been reported to be a Zimbra webmaster that can be used by attackers to extract malicious code and retrieve sensitive information from targeted systems. According to the threat report, the risk exists due to Memcached poisoning by unauthorized applications and can be exploited by submitting specially designed applications to the target system. The vulnerability affects the Zimbra version before 9.0.0 P24 and can be repaired with a simple software update.