Microsoft patches vulnerability in Windows AppX Installer being used to spread Emotet malware
This vulnerability, tracked under code CVE-2021-43890, is related to Windows AppX Installer spoofing. Cybercriminals can remotely exploit this vulnerability with low user privileges. However, for successful exploitation, it is necessary to organize attacks of high complexity and require user (victim) interaction.
"We investigated reports of a rogue vulnerability in AppX Installer affecting Microsoft Windows. Microsoft discovered attacks attempting to exploit this vulnerability with specially crafted software packages. especially, including the famous Emotet malware," Microsoft shared.
According to Microsoft, hackers will create an attachment containing malicious code to use in phishing campaigns. Next, the hacker will spread this attachment in spam emails with content that entices users to open them.
How to not be affected by Windows AppX Installer vulnerability?
To prevent hackers, Windows users need to install a patched version of Microsoft Desktop Installer on their platform:
- Microsoft Desktop Installer 1.16 for Windows 10 version 1809 or later
- Microsoft Desktop Installer 1.11 for Windows 10 version 1709 or 1803
Microsoft also provides mitigations for customers who are unable to immediately install Microsoft Desktop Installer updates.
Those measures include enabling BlockNonAdminUserInstall to prevent non-Administrator users from installing Windows App packages and AllowAllTrustedAppToInstall to block installs from apps outside of the Microsoft Store.
You should read it
- Microsoft allows users to reactivate Windows App installer
- How to turn off Windows Installer to block MSI package
- How to fix corrupted macOS installer errors
- Fix Opera installer crashes downloading on Windows
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- How to download a Windows installer, Office directly from Microsoft
- App Installer on Windows 10 was used to install BazarLoarder malware
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- VMware patches RCE Spring4Shell vulnerability on a wide range of products
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- How to fix the 'Problem With This Windows Installer Package' error
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!