Microsoft Released a Windows Update to Address the 0-Day Exploit

Windows 10 update history
Share It On:

15th December 2021, Kathmandu

Microsoft has released a Windows update to address the 0-Day exploit used to spread the Emotet malware.

Microsoft has released Patch Tuesday upgrades to fix a number of security flaws in Windows and other applications, including one that is being actively exploited to deliver malware payloads such as Emotet, TrickBot, and Bazaloader.

According to the Zero Day Initiative, the newest monthly release for December resolves a total of 67 issues, increasing the total number of bugs patched by the corporation this year to 887.

Seven of the 67 faults are classified as critical, while the remaining 60 are classified as important, with five of the flaws being publicly known at the time of publication.

This is in addition to the 21 issues in the Chromium-based Microsoft Edge browser that have been fixed.

CVE-2021-43890 (CVSS score: 7.1) is the most serious of the bunch, a Windows AppX installer spoofing vulnerability that Microsoft claims could be exploited to gain arbitrary code execution.

Because code execution is dependent on the logged-on user level, “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user privileges,” the lower severity rating reflects this.

An attacker might exploit the issue by creating a malicious attachment and using it as part of a phishing effort to deceive users into opening the email attachment, according to the Redmond-based tech giant.

The vulnerability was discovered by Sophos security researchers Andrew Brandt, Rick Cole, and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC).

“Microsoft is aware of attempts that seek to exploit this issue by using specially constructed packages that include the Emotet/ Trickbot/ Bazaloader malware family,” the company stated.

Following a coordinated law enforcement operation to cripple the botnet’s spread, Emotet malware attacks are experiencing a rebound in activity after a more than 10-month pause.

Other problems that have been made public are listed under —

 CVE-2021-43240 (CVSS score: 7.8) — NTFS Named the Vulnerability Elevation of Privilege Vulnerability

CVE-2021-43883 (CVSS rating: 7.8) – Elevation of Privilege Vulnerability in Windows Installer

CVE-2021-41333 (CVSS score: 7.8) – Elevation of Privilege Vulnerability in Windows Print Spooler

CVE-2021-43893(CVSS rating: 7.5) – Elevation of Privilege Vulnerability in Windows Encrypting File Method (EFS)

CVE-2021-43880 (CVSS score: 5.5) – Vulnerability in Windows Mobile Machine Administration Privilege Escalation

In addition to critical bugs affecting iSNS Server (CVE-2021-43215), 4K Wi-Fi Display screen Adapter (CVE-2021-43899), Visual Studio Code WSL Extension (CVE-2021-43907), Workplace app (CVE-2021-43905), Windows Encrypting File Technique (CVE-2021-43217), Distant Desktop Consumer (CVE-2021-43233), and SharePoint Server, the December patch includes fixes for 10 remote code execution flaws in (CVE-2021-42309).


Share It On:

Recent Posts

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and Banking Stability

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and

Share It On:23rd November 2024, Kathmandu Nepal’s Central Bank, Nepal Rastra Bank (NRB), has announced a significant investment of NPR

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural Development

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural

Share It On: 23rd November 2024, Kathmandu The Agricultural Development Bank (ADB) is recognized as a vital institution for Nepal’s

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future Outlook

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future

Share It On: 23rd November 2024, Kathmandu Ridi Power Company Limited wrapped up its annual shareholder meeting, the 23rd Annual

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender In Nepal

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender

Share It On: 22nd November 2024, Kathmandu A significant step has been taken towards strengthening financial ties between Nepal and

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November