Microsoft Windows Patches Zero-Day Vulnerability Used to Spread Emotet Malware
Yesterday, Microsoft started to roll out Patch Tuesday updates to fix Windows security issues and vulnerabilities, including one being exploited to deliver the TrickBot, Bazaloader, and Emotet malware strains.
The latest batch of updates addresses 67 security flaws in Windows operating systems and other Microsoft software; seven flaws are of Critical severity, while the remaining 60 were marked as Important.
One of the most critical flaws addressed by the latest monthly security updates is CVE-2021-43890, a Windows AppX Installer Spoofing Vulnerability.
This flaw has a High attack complexity and requires Low privileges to execute. Together, these metrics make for a dangerous combination in terms of exploitability.
Microsoft identified attempts to exploit the aforementioned vulnerability through “specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader,” according to the executive summary.
In an attack, perpetrators would create and send a malicious attachment to unsuspecting users, then persuade them to open it through methods such as phishing or spear-phishing.
User accounts with fewer privileges on the operating systems may be less impacted by this attack than those with administrative rights.
Desktop App Installer users are advised to hover over the Trusted app text for more details about the signer, which should help determine whether certain apps should be installed or not.
The latest Patch Tuesday updates should patch the exploitable CVE-2021-43890 vulnerability, but Microsoft also offers a few workarounds for users who can’t install the updates for the Microsoft Desktop Installer.
One workaround involves enabling BlockNonAdminUserInstall and AllowAllTrustedAppToInstall Group Policies (GPOs) to prevent non-admins from installing Windows App packages and apps from outside the Microsoft Store.
Another workaround requires system administrators to use either AppLocker or Windows Defender Application Control to restrict the Desktop App Installer.
Last but not least, administrators can disable the ms-appinstaller protocol or add a browser policy rule to prevent it from being invoked from the browser.
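As an added example (not from the article or from Microsoft), the following PowerShell function audits whether the workarounds listed above are in place on a host. It assumes the Group Policies write the policy-backed registry values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx` and `...\AppInstaller`, and that the browser rule is an Edge `URLBlocklist` entry; confirm those locations against the ADMX templates in your environment.

```powershell
# Added example: audit the CVE-2021-43890 workarounds on this host.
# Registry paths and value names are assumptions based on the policy-backed
# settings these GPOs write; verify against your ADMX templates.
# Run from an elevated PowerShell session.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent => policy not configured
}

function Test-AppInstallerWorkarounds {
    $appx = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $inst = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller'
    $edge = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist'

    # Workaround 1: GPOs governing who may install Appx packages and
    # whether sideloading (apps from outside the Store) is permitted.
    $blockNonAdmin = Get-PolicyValue $appx 'BlockNonAdminUserInstall'
    $allowTrusted  = Get-PolicyValue $appx 'AllowAllTrustedApps'   # 0 = sideloading off

    # Workaround 2: an AppLocker rule collection for packaged apps (Appx).
    $appxRules = $null
    try {
        $appxRules = (Get-AppLockerPolicy -Effective -ErrorAction Stop).RuleCollections |
            Where-Object { $_.RuleCollectionType -eq 'Appx' }
    } catch { }

    # Workaround 3a: ms-appinstaller protocol handler disabled via policy.
    $protocol = Get-PolicyValue $inst 'EnableMSAppInstallerProtocol'

    # Workaround 3b: browser policy blocking ms-appinstaller: URLs (Edge shown;
    # Chrome uses the same URLBlocklist layout under its own policy key).
    $urlBlock = $null
    if (Test-Path $edge) {
        $urlBlock = (Get-ItemProperty $edge).PSObject.Properties |
            Where-Object { "$($_.Value)" -like 'ms-appinstaller:*' } |
            Select-Object -First 1
    }

    [pscustomobject]@{
        BlockNonAdminUserInstall       = ($blockNonAdmin -eq 1)
        AllowAllTrustedApps            = $allowTrusted      # raw value; 0 disables sideloading
        AppLockerAppxRulesPresent      = [bool]$appxRules
        MSAppInstallerProtocolDisabled = ($protocol -eq 0)
        BrowserBlocksProtocol          = [bool]$urlBlock
    }
}

Test-AppInstallerWorkarounds | Format-List
```

A `$null` result for any field means the corresponding policy was not found at the assumed location, not necessarily that it is unset; check the effective GPO report (`gpresult /h`) before relying on the output.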
These workarounds are meant as temporary measures, as downloading and installing the latest Microsoft security updates is still one of the safest methods to counter cyberattacks on Windows operating systems.