Highlight
- CERT-In issued an urgent advisory for users of Microsoft Windows, Office, and Edge.
- Attackers could gain unauthorized access, execute arbitrary code, or cause denial-of-service conditions.
- Users are advised to install the latest security updates for Windows, Office, and Edge.
- Microsoft claims its new tool can correct AI hallucinations.
The government body advises users to update Microsoft Edge on their device to the latest version. (Image credit – Microsoft Edge)
The Indian government has issued an urgent advisory for users of certain Microsoft products to update their devices immediately. This comes in response to the discovery of critical vulnerabilities that could potentially be exploited by cyber attackers.
The advisory was released by the Indian Computer Emergency Response Team (CERT-In). It specifically targets users of Microsoft Windows, Office, and Edge.
As per the released advisory, the vulnerabilities could allow attackers to gain unauthorized access to sensitive information, execute arbitrary code, or cause denial-of-service conditions.
“Multiple vulnerabilities have been reported in Microsoft Edge (Chromium) which could be exploited by a remote attacker to trigger remote code execution, perform UI spoofing, exploit stack & heap corruption on the targeted system,” CERT-In says.
These vulnerabilities, it says “exist in Microsoft Edge (Chromium) due to inappropriate implementation in UI, Autofill & insufficient data validation in Omnibox, Type Confusion in V8, incorrect security UI in Downloads, Out-of-bounds Write issue and improper neutralization of input during web page generation.”
The government body advises users to update Microsoft Edge on their device to the latest version. Microsoft has released the latest Microsoft Edge Stable Channel (Version 129.0.2792.52) and Microsoft Edge Extended Stable Channel (128.0.2739.90) which incorporate the latest updates of the Chromium project.
This update contains the following Microsoft Edge-specific updates: CVE-2024-43489, CVE-2024-43496 and CVE-2024-38221.
The advisory highlights that the vulnerabilities affect multiple versions of Microsoft Windows.
It includes Windows 10 and Windows 11, as well as Microsoft Office and the Edge browser.
CERT-In has highlighted the importance of keeping software up to date. It is significant to protect against potential cyber threats.
The advisory also includes detailed instructions on how to apply the updates. It further encourages Microsoft users to enable automatic updates to ensure their systems remain secure.
Immediate Action Required –
- Users are strongly advised to install the latest security updates provided by Microsoft.
- These updates address the identified vulnerabilities.
- It will be crucial to maintain the security of the affected systems.
How to Update Windows?
Users can update their devices by navigating to the Windows Update section in their system settings.
For Office and Edge, updates can be installed through the respective applications’ update mechanisms.
The recent advisory follows a series of similar notices issued by CERT-In in the last few months.
This reflects the growing cybersecurity threats. The agency has been actively working to raise awareness and provide guidance to both individuals and organizations.
Microsoft’s New Tool Can Correct AI Hallucinations?
Experts have often flagged AI tools for notoriously lying. AI hallucinations are a much bigger issue that many tech companies are working to resolve. But it looks like Microsoft has finally found a solution.
According to Microsoft, its tool Correction is a service that “attempts to automatically revise AI-generated text that’s factually wrong.”
Microsoft’s Correction Tool Demo. (Image credit – Microsoft)
“Correction is powered by a new process of utilizing small language models and large language models to align outputs with grounding documents. We hope this new feature supports builders and users of generative AI in fields such as medicine, where application developers determine the accuracy of responses to be of significant importance,” a Microsoft spokesperson told TechCrunch.
“Correction can significantly enhance the reliability and trustworthiness of AI-generated content by helping application developers reduce user dissatisfaction and potential reputational risks,” the Microsoft spokesperson further said.
“It is important to note that groundedness detection does not solve for ‘accuracy,’ but helps to align generative AI outputs with grounding documents.”
Industry experts were quick to raise concerns about this new Microsoft tool. A research fellow at Queen Mary University specializing in AI, Mike Cook argued that even such a tool even if works will increase the already persistent trust and explainability issues about AI among users.
“What Microsoft is doing now is repeating the mistake at a higher level. Let’s say this takes us from 90% safety to 99% safety — the issue was never really in that 9%. It’s always going to be in the 1% of mistakes we’re not yet detecting,” Cooks said.
Correction is currently available as part of Microsoft’s Azure AI Content Safety API (in preview for now). It can be used with any text-generating AI model, including Meta’s Llama and OpenAI’s GPT-4o.
Previously, Google also introduced a similar feature in Vertex AI. It allows customers to “ground” models by using data from third-party providers, their datasets, or Google Search.”
FAQs
Q1. Why has the Indian government issued an urgent advisory for Microsoft users?
Answer. CERT-In has issued an urgent advisory for users of Microsoft Windows, Office, and Edge to update their devices immediately due to the discovery of critical vulnerabilities that could be exploited by cyber attackers.
Q2. What are the risks associated with the identified vulnerabilities in Microsoft products?
Answer. The vulnerabilities could allow attackers to gain unauthorized access to sensitive information, execute arbitrary code, or cause denial-of-service conditions. Specific issues in Microsoft Edge (Chromium) include remote code execution, UI spoofing, and other security flaws.
Q3. How can users update their Microsoft devices to address these vulnerabilities?
Answer. Users can update their devices by navigating to the Windows Update section in their system settings for Windows updates. For Office and Edge, updates can be installed through the respective applications’ update mechanisms. Enabling automatic updates is also recommended to ensure ongoing security.
Read more: Delta CEO Criticizes Microsoft After Major Outage and Highlights Apple’s Stability
Read more: Microsoft to Enhance Windows Resilience After CrowdStrike Update Issue
Read more: CrowdStrike Update Bug Causes Global Disruption, Microsoft Highlights Apple’s Superior Security