Security News > 2021 > December > Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
2021-12-14 20:21

It's the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.

Of the 67 CVE-numbered flaws, CVE-2021-43890 - a Windows AppX Installer spoofing vulnerability - will, understandably, be a patching priority.

"CVE-2021-43890 allows an attacker to create a malicious package file and then modify it to look like a legitimate application, and has been used to deliver Emotet malware, which made a comeback this year. The patch should mean that packages can no longer be spoofed to appear as valid, but it will not stop attackers from sending links or attachments to these files," noted Kevin Breen, Director of Cyber Threat Research, Immersive Labs.

He also considers CVE-2021-43905, an unauthenticated RCE vulnerability in the Microsoft Office app, important to patch quickly, as it has a high CVSS score of 9.6 and Microsoft considers its exploitation to be "More likely".

Then we have CVE-2021-43883, an elevation of privilege vulnerability in Windows Installer.

"CVE-2021-43883 affects both server and desktop versions of Windows and allows a local user to escalate their privileges, and this kind of vulnerability is highly sought after by attackers looking to move laterally across a network. After gaining the initial foothold, achieving administrator-level access can allow attackers to disable security tools and deploy additional malware or tools like Mimikatz. Almost all ransomware attacks in the last year employed some form of privilege escalation as a key component of the attack prior to launching ransomware," Breen added.


News URL

https://www.helpnetsecurity.com/2021/12/14/cve-2021-43890/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-43905 Unspecified vulnerability in Microsoft Office
Microsoft Office app Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.6
2021-12-15 CVE-2021-43890 Unspecified vulnerability in Microsoft APP Installer
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows.
network
high complexity
microsoft
7.1
2021-12-15 CVE-2021-43883 Unspecified vulnerability in Microsoft products
Windows Installer Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774