
Microsoft Windows Patches Zero-Day Vulnerability Used to Spread Emotet Malware

Vlad CONSTANTINESCU

December 15, 2021


Yesterday, Microsoft started to roll out Patch Tuesday updates to fix Windows security issues and vulnerabilities, including one being exploited to deliver the TrickBot, Bazaloader, and Emotet malware strains.

The latest batch of updates addresses 67 security flaws in Windows operating systems and other Microsoft software; seven flaws are of Critical severity, while the remaining 60 were marked as Important.

One of the most critical flaws addressed by the latest monthly security updates is CVE-2021-43890, a Windows AppX Installer Spoofing Vulnerability.

This flaw has a High attack complexity and requires Low privileges to execute. These metrics form a dangerous combo in terms of exploitability.

Microsoft identified attempts to exploit the aforementioned vulnerability through “specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader,” according to the executive summary.

In an attack, perpetrators would create and send a malicious attachment to unsuspecting users, then persuade them to open it through methods such as phishing or spear-phishing.

User accounts with fewer privileges on the operating system may be less impacted by this attack than those with administrative rights.

Desktop App Installer users are advised to hover over the Trusted app text for more details about the signer, which should help determine whether certain apps should be installed or not.

The latest Patch Tuesday updates should patch the exploitable CVE-2021-43890 vulnerability, but Microsoft also offers a few workarounds for users who can’t install the updates for the Microsoft Desktop Installer.

One workaround involves enabling BlockNonAdminUserInstall and AllowAllTrustedAppToInstall Group Policies (GPOs) to prevent non-admins from installing Windows App packages and apps from outside the Microsoft Store.

Another workaround requires system administrators to use either AppLocker or Windows Defender Application Control to restrict the Desktop App Installer.

Last but not least, administrators can disable the ms-appinstaller protocol or add a browser policy rule to prevent it from being invoked from the browser.

These workarounds are meant as temporary measures, as downloading and installing the latest Microsoft security updates is still one of the safest methods to counter cyberattacks on Windows operating systems.
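For the ms-appinstaller workaround above, defenders can also check where such links already appear in mail or web content. The following is an added example, not from the original article or from Microsoft: it extracts `ms-appinstaller:` URIs from text and reports the package host. The allowlist host, the function name and the sample HTML are assumptions constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts your organisation legitimately installs packages from.
ALLOWED_HOSTS = {"packages.example.internal"}

# Match an ms-appinstaller: URI up to whitespace, a quote or an angle bracket.
URI_RE = re.compile(r"""ms-appinstaller:[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample input (not real traffic).
SAMPLE = """
<a href="ms-appinstaller:?source=https://files.example.test/doc/viewer.appinstaller">View PDF</a>
<a href="MS-AppInstaller:?Source=https%3A%2F%2Fpackages.example.internal%2Ftools.msix">Tools</a>
<a href="https://example.test/readme.html">Readme</a>
"""


def find_appinstaller_links(text):
    """Return one dict per ms-appinstaller: URI found in text."""
    findings = []
    for raw in URI_RE.findall(unescape(text)):
        # The package location is passed in the 'source' query parameter.
        query = raw.split("?", 1)[1] if "?" in raw else ""
        # parse_qs percent-decodes values; lower-case keys to catch 'Source='.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        source = params.get("source", [""])[0]
        host = (urlsplit(source).hostname or "").lower()
        findings.append({
            "uri": raw,
            "source": source,
            "host": host,
            "allowed": host in ALLOWED_HOSTS,
        })
    return findings


if __name__ == "__main__":
    for f in find_appinstaller_links(SAMPLE):
        verdict = "allowed" if f["allowed"] else "REVIEW"
        print(f"{verdict}: host={f['host']} source={f['source']}")
```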
