Microsoft Fixes Zero-Day Bug in Windows AppX Installer

Droidcops.COM: A high-severity Windows zero-day vulnerability that has been exploited in the wild to deliver Emotet malware packages has been patched by Microsoft.

The bug, a Windows AppX Installer spoofing vulnerability tracked as CVE-2021-43890, can be exploited remotely by attackers with low privileges through high-complexity attacks that require user interaction.

“We are investigating reports of a spoofing vulnerability in the AppX Installer affecting Windows. We understand these attacks seek to exploit vulnerabilities by using special packages containing malware of the Emotet/Trickbot/Bazaloader type,” explained Microsoft.

“Hackers can create malicious attachments and then use them as bait in their phishing attacks. The hackers then have to convince the user to open the package. Users whose accounts are configured with fewer access rights on the system are at less risk than users with admin privileges,” Microsoft said.

To block these exploit attempts, Windows users must install the patched Microsoft Desktop Installer for their platform, namely:

  • Microsoft Desktop Installer version 1.16 for Windows 10 version 1809 or later.
  • Microsoft Desktop Installer version 1.11 for Windows 10 version 1709 or Windows 10 version 1803.

Microsoft also provides workarounds for users who are unable to install the Microsoft Desktop Installer update. The mitigations recommended by Microsoft are enabling the BlockNonAdminUserInstall policy, which prevents non-admin users from installing Windows app packages, and configuring the AllowAllTrustedAppToInstall policy so that applications that do not come from the Microsoft Store cannot be installed.
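The following PowerShell script is an added example written for this page; it is not code from the article or from Microsoft. It checks the installed App Installer version against the 1.16 threshold the article gives for Windows 10 version 1809 and later, and applies the two policy workarounds described above. It assumes that the App Installer ships as the Appx package `Microsoft.DesktopAppInstaller`, and that both policies are stored as DWORD values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx`, where the "allow all trusted apps" policy is named `AllowAllTrustedApps` (the registry name behind the AllowAllTrustedAppToInstall setting). Run it in an elevated session.

```powershell
# Added example, not part of the original article or of Microsoft's advisory.
# Assumptions (see lead-in): package name Microsoft.DesktopAppInstaller,
# policy key HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx,
# DWORD values BlockNonAdminUserInstall and AllowAllTrustedApps.
# Requires an elevated PowerShell session.

# Version threshold taken from the article (Windows 10 1809 and later).
# Compare against the full patched build number from Microsoft's advisory
# if you need an exact cut-off rather than the major.minor given here.
$MinVersion = [version]'1.16'
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'

function Get-AppInstallerStatus {
    # One object per installed copy (the package is provisioned per user).
    $pkgs = Get-AppxPackage -AllUsers -Name 'Microsoft.DesktopAppInstaller'
    if (-not $pkgs) {
        Write-Warning 'App Installer package not found on this system.'
        return
    }
    foreach ($p in $pkgs) {
        $v = [version]$p.Version
        [pscustomobject]@{
            PackageFullName = $p.PackageFullName
            Version         = $v
            Patched         = ($v -ge $MinVersion)
        }
    }
}

function Get-AppxInstallPolicy {
    # Shows the current state of both workaround policies; a missing value
    # means the policy is not configured (Windows default applies).
    foreach ($name in 'BlockNonAdminUserInstall', 'AllowAllTrustedApps') {
        $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{ Policy = $name; Value = $value }
    }
}

function Set-AppxInstallWorkarounds {
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # 1 = non-admin users cannot install packaged (Appx/MSIX) apps.
    Set-ItemProperty -Path $PolicyKey -Name 'BlockNonAdminUserInstall' -Value 1 -Type DWord
    # Weak setting: AllowAllTrustedApps = 1 lets any signed ("trusted") package
    # sideload, which is exactly what a phishing-delivered App Installer package
    # relies on. Hardened setting: 0 allows only Microsoft Store installs.
    Set-ItemProperty -Path $PolicyKey -Name 'AllowAllTrustedApps' -Value 0 -Type DWord
}

# Usage: report first, then apply the workarounds only where the update is missing.
$status = Get-AppInstallerStatus
$status | Format-Table -AutoSize
if ($status -and ($status | Where-Object { -not $_.Patched })) {
    Write-Warning 'Unpatched App Installer found; applying policy workarounds.'
    Set-AppxInstallWorkarounds
}
Get-AppxInstallPolicy | Format-Table -AutoSize
```

Two caveats for production use: on domain-joined machines these values are owned by Group Policy and will be reverted at the next refresh unless the same settings are pushed through a GPO, and setting AllowAllTrustedApps to 0 also blocks legitimately sideloaded line-of-business MSIX packages, so check for those before rolling it out fleet-wide.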

Disguised As An Adobe App Installer

In several cases, Emotet was spread using malicious Windows App Installer packages disguised as Adobe PDF software.

As reported some time ago, the Emotet group started infecting Windows 10 systems by installing malicious packages through the built-in App Installer feature. The same tactic appears to have been used to deploy BazarLoader malware hosted on Microsoft Azure.

The Emotet group was a prolific malware distributor until law enforcement shut down its operations and seized its infrastructure in January. Ten months later, the group appears to be back on its feet and on the offensive again with the help of the TrickBot group.
