Microsoft fixes Windows AppX Installer zero-day used by Emotet

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high-complexity attacks requiring user interaction.
"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.
Microsoft also provides mitigation measures for customers who can't immediately install the Microsoft Desktop Installer updates.
BleepingComputer previously reported that Emotet began spreading using malicious Windows App Installer packages camouflaged as Adobe PDF software.
As we reported on December 1, the Emotet gang started infecting Windows 10 systems by installing malicious packages using the App Installer built-in feature.
More information, including the way Emotet abused the Windows App Installer in this campaign, can be found in our previous report.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-43890 | Unspecified vulnerability in Microsoft APP Installer We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. | 7.1 |