
Microsoft Windows Patches Zero-Day Vulnerability Used to Spread Emotet Malware

Vlad CONSTANTINESCU

December 15, 2021


Yesterday, Microsoft started to roll out Patch Tuesday updates to fix Windows security issues and vulnerabilities, including one being exploited to deliver the TrickBot, Bazaloader, and Emotet malware strains.

The latest batch of updates addresses 67 security flaws in Windows operating systems and other Microsoft software; seven flaws are of Critical severity, while the remaining 60 were marked as Important.

One of the most critical flaws addressed by the latest monthly security updates is CVE-2021-43890, a Windows AppX Installer Spoofing Vulnerability.

This flaw has a High attack complexity and requires only Low privileges to execute; together, these metrics form a dangerous combination in terms of exploitability.

Microsoft identified attempts to exploit the aforementioned vulnerability through “specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader,” according to the executive summary.

In an attack, perpetrators would create and send a malicious attachment to unsuspecting users, then persuade them to open it through methods such as phishing or spear-phishing.

User accounts configured with fewer privileges on the operating system may be less affected by this attack than those with administrative rights.

Desktop App Installer users are advised to hover over the Trusted app text for more details about the signer, which should help determine whether certain apps should be installed or not.

The latest Patch Tuesday updates should patch the exploitable CVE-2021-43890 vulnerability, but Microsoft also offers a few workarounds for users who can’t install the updates for the Microsoft Desktop Installer.

One workaround involves enabling the BlockNonAdminUserInstall and AllowAllTrustedAppToInstall Group Policy settings (GPOs) to prevent non-admins from installing Windows App packages and apps from outside the Microsoft Store.

Another workaround requires system administrators to use either AppLocker or Windows Defender Application Control to restrict the Desktop App Installer.

Last but not least, administrators can disable the ms-appinstaller protocol or add a browser policy rule to prevent it from being invoked from the browser.
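For administrators who want to verify which of the three workarounds above are actually in effect on a machine, the following read-only PowerShell audit is an added example; it is not code from the article, from Bitdefender, or from Microsoft. It assumes the App Package Deployment policies are stored as DWORD values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx`, that Microsoft Edge's `URLBlocklist` policy is stored under `HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist`, and that the `ms-appinstaller` protocol handler is registered under `HKLM:\SOFTWARE\Classes\ms-appinstaller`; confirm those locations against your own ADMX documentation before relying on the output.

```powershell
# Added audit script (not from the article or Microsoft): reports whether the
# CVE-2021-43890 workarounds are in place on this machine. Read-only; changes nothing.
# Assumed registry locations (verify against your Group Policy / ADMX documentation):
#   - App Package Deployment policies: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx,
#     DWORD values BlockNonAdminUserInstall and AllowAllTrustedApps
#   - Edge URLBlocklist policy: HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist
#     (numbered string values, e.g. "1" = "ms-appinstaller:*")
#   - Protocol handler registration: HKLM:\SOFTWARE\Classes\ms-appinstaller

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-AppInstallerWorkarounds {
    $appxPolicy    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $edgeBlocklist = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist'
    $protocolKey   = 'HKLM:\SOFTWARE\Classes\ms-appinstaller'

    $results = [ordered]@{}

    # Workaround 1: Group Policy settings that restrict who may install app packages.
    $block = Get-RegValue $appxPolicy 'BlockNonAdminUserInstall'
    $results['BlockNonAdminUserInstall enabled'] = ($block -eq 1)
    $allowTrusted = Get-RegValue $appxPolicy 'AllowAllTrustedApps'
    # Report the raw value so the admin can compare it with the intended policy state.
    $results['AllowAllTrustedApps value'] = if ($null -eq $allowTrusted) { 'not configured' } else { $allowTrusted }

    # Workaround 2: App Installer restricted by AppLocker or Windows Defender Application Control.
    # AppLocker: check whether the effective policy carries any Appx (packaged app) rule collection.
    $appxRules = @()
    try {
        [xml]$pol = Get-AppLockerPolicy -Effective -Xml
        $appxRules = @($pol.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' })
    } catch { }
    $results['AppLocker Appx rule collection present'] = ($appxRules.Count -gt 0)
    # WDAC: Win32_DeviceGuard reports code integrity enforcement (0 = off, 1 = audit, 2 = enforced).
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard `
            -ErrorAction SilentlyContinue
    $results['WDAC policy enforced'] = ($null -ne $dg -and $dg.CodeIntegrityPolicyEnforcementStatus -eq 2)

    # Workaround 3: ms-appinstaller protocol disabled, or blocked from being invoked by the browser.
    $results['ms-appinstaller protocol still registered'] = (Test-Path $protocolKey)
    $blocked = $false
    if (Test-Path $edgeBlocklist) {
        $entries = (Get-ItemProperty -Path $edgeBlocklist).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value }
        $blocked = [bool]($entries | Where-Object { $_ -like 'ms-appinstaller*' })
    }
    $results['Edge URLBlocklist covers ms-appinstaller'] = $blocked

    return $results
}

# Usage: run from an elevated PowerShell session so the effective AppLocker policy can be read.
Test-AppInstallerWorkarounds | Format-Table -AutoSize
```

A `False` for the first and last checks, combined with `True` for "protocol still registered", means none of the three workarounds is in effect and the host depends entirely on the Patch Tuesday update for protection.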

These workarounds are meant as temporary measures, as downloading and installing the latest Microsoft security updates is still one of the safest methods to counter cyberattacks on Windows operating systems.
