Microsoft patches spoofing vulnerability that was exploited to spread malware
Microsoft released a major patch that fixes a spoofing vulnerability in AppX installer (CVE-2021-43890), which was utilized by hackers to infect computers with malware including Emotet, Trickbot and Bazaloader. The Windows AppX Installer previously contained a zero-day vulnerability, which enabled bad actors to build malicious packages and the file was then altered to appear as a legitimate application.
Hackers could spread the malware file via attachments in phishing emails, which could trick unsuspecting users to download the attachment. Users are affected more severely by the attack if their user account has administrative privileges than other users with computers operating with fewer user rights.
Microsoft stated that while the patch resolved the vulnerability that allowed the malicious packages to look valid, users should still be wary of downloading unscrupulous attachments in emails.
The patch was released as part of Microsoft’s December Patch Tuesday update, which also comprised of 67 security fixes across many different Microsoft software. Among these fixes, seven were indicated as critical and six were designated as zero-day vulnerability fixes.