Most information security professionals are scrambling to deal with the ongoing and truly scary Log4J (also known as Log4Shell) vulnerability. But, sadly, Log4J is not the only shark in the security swimming pool: millions of Windows 10 users need to be aware of one zero-day threat in particular.
The bad news is that attackers are already exploiting CVE-2021-43890 to install the very nasty Emotet, or Trickbot, credential-stealing malware. The good news is that Microsoft has the fix, and you need to apply it. Now.
Yes, this week sees Microsoft's final Medicines Tuesday round of security fixes in 2021, and it's a big one. In all, more than sixty vulnerabilities have been addressed across the Microsoft product range, including Windows, Visual Studio, Office, PowerShell and SharePoint Server, to name but a few. Seven of the patched vulnerabilities have been given a critical rating, and there are six zero-days fixed for good measure.
However, of concern to millions of Windows 10 users is that zero-day, publicly disclosed, and exploited by attackers in the wild. CVE-2021-43890 is a spoofing vulnerability in the Windows AppX installer and is being used to deliver some genuinely gruesome malware.
Exploits take the form of malicious software packages installed when unsuspecting users open infected documents and the like. Obviously, those users with admin account rights will be most at risk here. That said, when chained with another exploit it could be possible to impact those with fewer user rights to gain enough privilege to execute the malware code.
Microsoft has confirmed that exploitation is already ongoing: "Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," it stated in the latest security update guide.
"Given the critical nature of this vulnerability and the fact that there is active exploitation," Chad McNaughton, technical community manager at Automox, said, "organizations should take immediate action to remediate within the next 24 hours."
That warning was given, dear reader, on 14 December. The clock is, therefore, well and truly ticking on this one.
The remaining zero-day vulnerabilities that have been addressed by Microsoft this Medicines Tuesday are:
CVE-2021-43240 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-41333 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-43880 is an elevation of privilege vulnerability affecting Windows 11 users.
CVE-2021-43883 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-43893 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
The bad news is that attackers are already exploiting CVE-2021-43890 to install the very nasty Emotet, or Trickbot, credential-stealing malware. The good news is that Microsoft has the fix, and you need to apply it. Now.
Yes, this week sees Microsoft's final Medicines Tuesday round of security fixes in 2021, and it's a big one. In all, more than sixty vulnerabilities have been addressed across the Microsoft product range, including Windows, Visual Studio, Office, PowerShell and SharePoint Server, to name but a few. Seven of the patched vulnerabilities have been given a critical rating, and there are six zero-days fixed for good measure.
However, of concern to millions of Windows 10 users is that zero-day, publicly disclosed, and exploited by attackers in the wild. CVE-2021-43890 is a spoofing vulnerability in the Windows AppX installer and is being used to deliver some genuinely gruesome malware.
Exploits take the form of malicious software packages installed when unsuspecting users open infected documents and the like. Obviously, those users with admin account rights will be most at risk here. That said, when chained with another exploit it could be possible to impact those with fewer user rights to gain enough privilege to execute the malware code.
Microsoft has confirmed that exploitation is already ongoing: "Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," it stated in the latest security update guide.
"Given the critical nature of this vulnerability and the fact that there is active exploitation," Chad McNaughton, technical community manager at Automox, said, "organizations should take immediate action to remediate within the next 24 hours."
That warning was given, dear reader, on 14 December. The clock is, therefore, well and truly ticking on this one.
The remaining zero-day vulnerabilities that have been addressed by Microsoft this Medicines Tuesday are:
CVE-2021-43240 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-41333 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-43880 is an elevation of privilege vulnerability affecting Windows 11 users.
CVE-2021-43883 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
CVE-2021-43893 is an elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server users.
