Microsoft Released a Windows Update to Address the 0-Day Exploit

Windows 10 update history
Share It On:

15th December 2021, Kathmandu

Microsoft has released a Windows update to address the 0-Day exploit used to spread the Emotet malware.

Microsoft has released Patch Tuesday upgrades to fix a number of security flaws in Windows and other applications, including one that is being actively exploited to deliver malware payloads such as Emotet, TrickBot, and Bazaloader.

According to the Zero Day Initiative, the newest monthly release for December resolves a total of 67 issues, increasing the total number of bugs patched by the corporation this year to 887.

Seven of the 67 faults are classified as critical, while the remaining 60 are classified as important, with five of the flaws being publicly known at the time of publication.

This is in addition to the 21 issues in the Chromium-based Microsoft Edge browser that have been fixed.

CVE-2021-43890 (CVSS score: 7.1) is the most serious of the bunch, a Windows AppX installer spoofing vulnerability that Microsoft claims could be exploited to gain arbitrary code execution.

Because code execution is dependent on the logged-on user level, “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user privileges,” the lower severity rating reflects this.

An attacker might exploit the issue by creating a malicious attachment and using it as part of a phishing effort to deceive users into opening the email attachment, according to the Redmond-based tech giant.

The vulnerability was discovered by Sophos security researchers Andrew Brandt, Rick Cole, and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC).

“Microsoft is aware of attempts that seek to exploit this issue by using specially constructed packages that include the Emotet/ Trickbot/ Bazaloader malware family,” the company stated.

Following a coordinated law enforcement operation to cripple the botnet’s spread, Emotet malware attacks are experiencing a rebound in activity after a more than 10-month pause.

Other problems that have been made public are listed under —

 CVE-2021-43240 (CVSS score: 7.8) — NTFS Named the Vulnerability Elevation of Privilege Vulnerability

CVE-2021-43883 (CVSS rating: 7.8) – Elevation of Privilege Vulnerability in Windows Installer

CVE-2021-41333 (CVSS score: 7.8) – Elevation of Privilege Vulnerability in Windows Print Spooler

CVE-2021-43893(CVSS rating: 7.5) – Elevation of Privilege Vulnerability in Windows Encrypting File Method (EFS)

CVE-2021-43880 (CVSS score: 5.5) – Vulnerability in Windows Mobile Machine Administration Privilege Escalation

In addition to critical bugs affecting iSNS Server (CVE-2021-43215), 4K Wi-Fi Display screen Adapter (CVE-2021-43899), Visual Studio Code WSL Extension (CVE-2021-43907), Workplace app (CVE-2021-43905), Windows Encrypting File Technique (CVE-2021-43217), Distant Desktop Consumer (CVE-2021-43233), and SharePoint Server, the December patch includes fixes for 10 remote code execution flaws in (CVE-2021-42309).


Share It On:

Recent Posts

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights, and Fuel Efficiency Showcase

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights,

Share It On: 25th December 2024, Kathmandu The ‘Bajaj Mileage Champion’ event took place in Dhangadhi, Kailali, where local riders

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s Startup Ecosystem

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s

Share It On:25th December 2024, kathmandu inDrive a global mobility and urban services platform, is proud to announce the winner of

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Share It On: 25th December 2024, Kathmandu Citizens Bank International Ltd. has entered into a partnership with Easy Dental Pvt.

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates & Easy Loan Approval

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates

Share It On:25th December 2024, Kathmandu Hansraj Hulaschand & Company Pvt. Ltd., the official dealer of Bajaj Motorcycles in Nepal,

Daraz Nepal 1.1 Sale Offers Free Delivery, Up to 70% Off, and Exclusive Vouchers

Daraz Nepal 1.1 Sale Offers Free Delivery, Up to 70%

Share It On:25th December 2024, Kathmandu Daraz, the leading e-commerce platform in Nepal, is kicking off the New Year with

PhonePe Launches ‘Net Set Go’ Campaign: Win One Year of Free Internet

PhonePe Launches ‘Net Set Go’ Campaign: Win One Year of

Share It On:25th December 2024, Kathmandu PhonePe, the mobile banking app, has launched the ‘Net Set Go’ campaign in Nepal.