CERT-In Issues “HIGH” Severity Alert For Microsoft Office, Azure, And Windows Users: What You Should Do
This vulnerability affects Windows OS, Microsoft Office apps, Azure and SQL Server, and System Centre and developer tools.


Published: November 15, 2025 at 2:00 PM IST
Hyderabad: The Indian Computer Emergency Response Team (CERT-In) has issued an alert with a “HIGH” severity rating for Windows PC users. According to an official notice, a vulnerability named CVE-2025-60724 affects the Microsoft Graphics Component (GDI+) across operating systems (OS). This flaw allows attackers to infiltrate the user’s PC and collect personal data.
The vulnerability is serious and impacts multiple parts of the OS, including Windows (the whole OS), Microsoft Office (Word, Excel, PowerPoint), Azure and SQL Server (for Enterprise), and System Centre and Developer Tools.
What is CVE-2025-60724 and how does it work?
CVE-2025-60724 is a remote code execution vulnerability in GDI+ that affects the Windows kernel. The kernel is a core component of the OS that acts as a bridge between the computer’s software and hardware.
The flaw causes a heap-based buffer overflow in the Microsoft Graphics Component. Attackers can convince a victim to download and open a document containing a specially crafted metafile.
CERT-In has published an advisory on its website (14-11-2025): Multiple Vulnerabilities in Microsoft Products https://t.co/1LQjENvPGj
— CERT-In (@IndianCERT) November 15, 2025
Once the document is successfully installed, an attacker can execute arbitrary code or fetch all the sensitive information from the victim’s PC. With the CVE-2025-60724 vulnerability, cybercriminals can steal user data, run ransomware attacks, or execute code remotely, enabling them to run any software on the victim’s PC from anywhere.
Affected software versions
- Windows Server 2016 & 2025
- Windows Server 2012, 2012 R2, 2016, 2019, 2022 & 2025
- Windows 10 Version 1607 for x64-based & 32-bit Systems
- Windows 10 Version 22H2 for 32-bit & ARM64-based Systems
- Windows 11 Version 23H2 for x64-based & ARM64-based Systems
- Windows 11 Version 24H2 for x64-based & ARM64-based Systems
- Windows 11 Version 25H2 for x64-based & ARM64-based Systems
- Windows Server 2012, 2012 R2, 2016, 2019, 2022, 23H2 Edition & 2025 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems SP1 & SP2
- Windows Server 2008 for x64-based Systems SP2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems SP2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems SP2
- Windows 10 Version 22H2 for x64-based Systems
- Windows 10 Version 21H2 for x64-based, ARM64-based & 32-bit Systems
- Windows 10 Version 1809 for x64-based & 32-bit Systems
- Microsoft Office LTSC for Mac 2021 & 2024
- Microsoft Office for Android
What should you do?
Microsoft has already released the fix for this issue. It is highly recommended that users update their OS as soon as possible. They should also check whether the Microsoft Edge web browser is up to date; it might also be affected. Here are the steps to update the OS and Microsoft Office apps:
Update Windows:
Step 1: Go to Settings.
Step 2: Then click on Windows Update.
Step 3: Check for updates.
Step 4: Install the November 2025 Cumulative Update.
Step 5: Restart your PC.
Update Office Apps:
Step 1: Open any Office app.
Step 2: Go to File in the upper-left corner.
Step 3: Click on Account.
Step 4: Go to Update Options.
Step 5: Click on Update Now.
Step 6: Restart your PC.
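To confirm that the "Update Windows" steps above took effect, the following PowerShell check is an added example and not part of the CERT-In or Microsoft advisory. It assumes that `2025-11-01` marks the start of the November 2025 release month, and it reads only the local Windows Update history, pending updates and reboot state.

```powershell
# Added example: verify that the Windows Update steps took effect on this PC.
# Assumption: $Since marks the start of the November 2025 release month.
param(
    [datetime]$Since = '2025-11-01'
)

# Windows Update Agent COM API for the local machine.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# 1. Updates recorded as installed since $Since.
#    Operation 1 = installation, ResultCode 2 = succeeded.
$installed = @()
$total = $searcher.GetTotalHistoryCount()
if ($total -gt 0) {
    $installed = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and $_.Date -ge $Since } |
        Select-Object Date, Title)
}

# 2. Software updates that are offered but still not installed.
$pending = @($searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates |
    Select-Object Title, MsrcSeverity)

# 3. Until the restart in Step 5 happens, the old files stay in use.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

# 4. Running OS build, for comparison with the build in the update's release notes.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

[pscustomobject]@{
    OSBuild         = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
    InstalledSince  = $installed.Count
    PendingUpdates  = $pending.Count
    PendingSecurity = @($pending | Where-Object { $_.MsrcSeverity }).Count
    RebootPending   = $rebootPending
}

$installed | Sort-Object Date -Descending | Format-Table -AutoSize
if ($pending.Count -gt 0) {
    Write-Warning 'Updates are still pending; run Windows Update again.'
    $pending | Format-Table -AutoSize
}
if ($rebootPending) { Write-Warning 'Restart required before the update is active.' }
```

A machine that followed the steps should show at least one installed update since the cutoff, zero pending security updates, and `RebootPending` as `False`.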

