Security News > 2021 > December > Microsoft fixes Windows AppX Installer zero-day used by Emotet
The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction.
"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.
Microsoft also provides mitigation measures for customers who can't immediately install the Microsoft Desktop Installer updates.
BleepingComputer previously reported that Emotet began spreading using malicious Windows App Installer packages camouflaged as Adobe PDF software.
As we reported on December 1, the Emotet gang started infecting Windows 10 systems by installing malicious packages using the App Installer built-in feature.
More information, including the way Emotet abused the Windows App Installer in this campaign, can be found in our previous report.
News URL
Related news
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-43890 | Unspecified vulnerability in Microsoft APP Installer We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. | 7.1 |