Security News

It's the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.Of the 67 CVE-numbered flaws, CVE-2021-43890 - a Windows AppX Installer spoofing vulnerability - will, understandably, be a patching priority.

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction. "We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," Microsoft explains.

Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. Microsoft has fixed 55 vulnerabilities with today's update, with seven classified as Critical and 60 as Important.

Microsoft announced today the general availability of end-to-end encryption support for one-to-one Microsoft Teams calls. "Once IT has configured the policy and enabled it for selected users, those selected users will still need to turn on end-to-end encryption in their Teams settings. IT retains the ability to disable E2EE for one-to-one Teams calls as necessary."

Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely.Microsoft Exchange servers are commonly targeted with web shells that allow threat actors to remotely execute commands on a server and are usually the focus of defenders.

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "Distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "Customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it."

Over the past few years, Qbot has grown into widely spread Windows malware that allows threat actors to steal bank credentials and Windows domain credentials, spread to other computers, and provide remote access to ransomware gangs. Victims usually become infected with Qbot through another malware infection or via phishing campaigns using various lures, including fake invoices, payment and banking information, scanned documents, or invoices.

It's no wonder that vulnerabilities in Microsoft solutions are an attractive attack vector. Sensitive Windows Registry database files vulnerabilities.

These attacks can lead to the bypassing of phishing detection and email security solutions, and at the same time, gives phishing URLs a false snse of legitimacy to victims. "The attacks use dozens of distinct Microsoft 365 third-party applications with malicious redirect URLs defined for them," explains Proofpoint's report.

A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook. To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.