15th December 2021, Kathmandu
Microsoft has released a Windows update to address the 0-Day exploit used to spread the Emotet malware.
Microsoft has released its Patch Tuesday updates to fix a number of security flaws in Windows and other software, including one that is being actively exploited to deliver malware payloads such as Emotet, TrickBot, and Bazaloader.
According to the Zero Day Initiative, the newest monthly release for December resolves a total of 67 issues, increasing the total number of bugs patched by the corporation this year to 887.
Seven of the 67 flaws are rated Critical and the remaining 60 are rated Important, with five of the flaws publicly known at the time of release.
This is in addition to the 21 issues in the Chromium-based Microsoft Edge browser that have been fixed.
CVE-2021-43890 (CVSS score: 7.1) is the most serious of the bunch, a Windows AppX installer spoofing vulnerability that Microsoft claims could be exploited to gain arbitrary code execution.
The lower severity rating reflects the fact that code execution depends on the privilege level of the logged-on user: “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user privileges.”
According to the Redmond-based tech giant, an attacker could exploit the issue by crafting a malicious attachment and using it in a phishing campaign to trick users into opening the email attachment.
The vulnerability was discovered by Sophos security researchers Andrew Brandt, Rick Cole, and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC).
“Microsoft is aware of attempts that seek to exploit this issue by using specially constructed packages that include the Emotet/Trickbot/Bazaloader malware family,” the company stated.
Emotet malware campaigns are seeing a resurgence in activity after a pause of more than 10 months that followed a coordinated law enforcement operation to disrupt the botnet's reach.
The other publicly known flaws are listed below:
CVE-2021-43240 (CVSS score: 7.8) – NTFS Set Short Name Elevation of Privilege Vulnerability
CVE-2021-43883 (CVSS score: 7.8) – Windows Installer Elevation of Privilege Vulnerability
CVE-2021-41333 (CVSS score: 7.8) – Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-43893 (CVSS score: 7.5) – Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CVE-2021-43880 (CVSS score: 5.5) – Windows Mobile Device Management Elevation of Privilege Vulnerability
In addition to critical bugs affecting iSNS Server (CVE-2021-43215), 4K Wireless Display Adapter (CVE-2021-43899), Visual Studio Code WSL Extension (CVE-2021-43907), Office app (CVE-2021-43905), Windows Encrypting File System (CVE-2021-43217), Remote Desktop Client (CVE-2021-43233), and SharePoint Server (CVE-2021-42309), the December patch includes fixes for 10 remote code execution flaws.