"Microsoft Fixes Spoofing Flaw Used in Emotet Attacks"

Microsoft has fixed a spoofing vulnerability in its Windows AppX Installer that attackers were actively exploiting. According to Microsoft, attackers attempting to exploit the vulnerability (CVE-2021-43890) were using specially crafted packages that downloaded the Emotet, Trickbot, and Bazaloader malware families. Exploiting the flaw allows malicious actors to craft attachments for use in phishing campaigns, in which an email recipient is lured into opening the attachment. The flaw exists in AppX Installer, which is used to install AppX apps on Windows 10 systems.

It is one of more than 60 flaws patched on Tuesday by Microsoft as part of the company's regularly scheduled security release. Seven of these vulnerabilities have been ranked as critical-severity remote code execution bugs.

One of the more severe vulnerabilities exists in the iSNS Server and ranks 9.8 out of 10 on the CVSS scale. The Internet Storage Name Service (iSNS) protocol maintains data about active Internet Small Computer System Interface (iSCSI) devices connected to the network. Microsoft said that exploitation of this flaw (CVE-2021-43215) is more likely because an attacker could send a specially crafted request to the iSNS server, resulting in remote code execution.

Another critical-severity flaw addressed by Microsoft exists in the Microsoft 4K Wireless Display Adapter and could enable an unauthenticated attacker to send specially crafted packets to a vulnerable device. Although this flaw (CVE-2021-43899) has a CVSS score of 9.8, its exploitation is said to be less likely, since an attacker would have to be on the same network as the Microsoft 4K Display Adapter.

This article continues to discuss the spoofing flaw in Microsoft's AppX installer and other vulnerabilities that the company has now addressed.

Decipher reports "Microsoft Fixes Spoofing Flaw Used in Emotet Attacks"

Submitted by Anonymous on