Security News > 2021 > December > Microsoft fixes Windows AppX Installer zero-day used by Emotet
The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction.
"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.
Microsoft also provides mitigation measures for customers who can't immediately install the Microsoft Desktop Installer updates.
BleepingComputer previously reported that Emotet began spreading using malicious Windows App Installer packages camouflaged as Adobe PDF software.
As we reported on December 1, the Emotet gang started infecting Windows 10 systems by installing malicious packages using the App Installer built-in feature.
More information, including the way Emotet abused the Windows App Installer in this campaign, can be found in our previous report.
News URL
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-43890 | Unspecified vulnerability in Microsoft APP Installer We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. | 7.1 |