Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Microsoft patches spoofing vulnerability that was exploited to spread malware

Bad actors were previously able to take advantage of a vulnerability in AppX installer that allowed them to spread malware. (Image: RoonZ.nl via Unsplash)
Bad actors were previously able to take advantage of a vulnerability in AppX installer that allowed them to spread malware. (Image: RoonZ.nl via Unsplash)
Microsoft patched a zero-day vulnerability that affected the AppX installer in Windows. The vulnerability allowed hackers to create packages to infect systems with malware. The patch was included in the December Patch Tuesday update.

Microsoft released a major patch that fixes a spoofing vulnerability in AppX installer (CVE-2021-43890), which was utilized by hackers to infect computers with malware including Emotet, Trickbot and Bazaloader. The Windows AppX Installer previously contained a zero-day vulnerability, which enabled bad actors to build malicious packages and the file was then altered to appear as a legitimate application.

Hackers could spread the malware file via attachments in phishing emails, which could trick unsuspecting users to download the attachment. Users are affected more severely by the attack if their user account has administrative privileges than other users with computers operating with fewer user rights.

Microsoft stated that while the patch resolved the vulnerability that allowed the malicious packages to look valid, users should still be wary of downloading unscrupulous attachments in emails.

The patch was released as part of Microsoft’s December Patch Tuesday update, which also comprised of 67 security fixes across many different Microsoft software. Among these fixes, seven were indicated as critical and six were designated as zero-day vulnerability fixes.

Buy Microsoft Office Home & Business 2021 on Amazon

static version load dynamic
Loading Comments
Comment on this article
Aleem Ali
Aleem Ali - Tech Writer - 72 articles published on Notebookcheck since 2021
I became fascinated with computers from the age of 5 years old, starting with Windows 95. Since then, I have developed a passion for human interactions. After completion of my undergraduate degrees, my interest in technology grew and propelled me to push into new areas. Now, I seek to expand my knowledge of technology, people, and business; and I write articles about new and exciting technology and experiences. I also enjoy gaming and design.
contact me via: LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 12 > Microsoft patches spoofing vulnerability that was exploited to spread malware
Aleem Ali, 2021-12-16 (Update: 2021-12-16)