Microsoft fixes Windows AppX Installer zero-day used by Emotet
The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high-complexity attacks requiring user interaction.
"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.
Microsoft also provides mitigation measures for customers who can't immediately install the Microsoft Desktop Installer updates.
BleepingComputer previously reported that Emotet began spreading using malicious Windows App Installer packages camouflaged as Adobe PDF software.
As we reported on December 1, the Emotet gang started infecting Windows 10 systems by installing malicious packages using the App Installer built-in feature.
More information, including the way Emotet abused the Windows App Installer in this campaign, can be found in our previous report.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-43890 | Unspecified vulnerability in Microsoft APP Installer. We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. | 7.1 |