Microsoft has fixed a Windows AppX Installer spoofing vulnerability exploited by the Emotet malware family
The Microsoft Security Response Center recently issued an announcement covering fixes for CVE-2021-43890 and other vulnerabilities, some of which had already been exploited by attackers.
CVE-2021-43890 is a Windows AppX Installer spoofing vulnerability; it can be exploited remotely, and exploitation does not require an administrator account.
The vulnerability is mainly exploited by the notorious Emotet/Trickbot/BazaLoader malware family, but exploiting it takes considerable effort.
An attacker must craft a special package and lure the user into downloading and opening it, and an infection under a low-privileged account does less damage than one under an administrator account.
Microsoft had previously observed attackers spreading malware with fake Adobe PDF packages, but at the time it had not been established that CVE-2021-43890 was being used.
The latest details shared by the Microsoft Security Response Center confirm that those attacks match the tactics used by Emotet, so the earlier campaign can now largely be attributed.
Windows AppX is the framework Microsoft uses to install UWP applications, so the disguised Adobe PDF package is presented through the standard UWP installation interface.
The main target is Windows 10. Once the user installs the malicious package, multiple additional payloads are automatically added to the system to install further malware with specific functions.
The vulnerability has been fixed in the cumulative security update released today; organizations that cannot deploy the update immediately can mitigate it temporarily through policy settings.
For example, enabling the BlockNonAdminUserInstall policy prevents non-administrator users from installing any Windows AppX applications.
Enabling the AllowAllTrustedAppToInstall policy prevents users from installing applications from outside the store, so that applications can only be installed from the Microsoft Store.
Of course, the simplest approach is to install the latest cumulative update directly; once it is installed, the system automatically updates the AppX installer to the latest version.
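An added audit script (not from Microsoft's advisory or this article) that reports whether the two policy mitigations named above are enabled on a machine and shows the installed App Installer version. It assumes the policies are stored as DWORD values under the registry key given in the script and that the App Installer package is named Microsoft.DesktopAppInstaller; both are assumptions, not taken from the article.

```powershell
# Added example: audit the two AppX policy mitigations from the article.
# Assumption: both policies live as DWORD values (1 = enabled) under this key.
$AppxPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'

function Get-AppxMitigationStatus {
    param([string]$Key = $AppxPolicyKey)

    $policies = 'BlockNonAdminUserInstall', 'AllowAllTrustedAppToInstall'
    foreach ($name in $policies) {
        $value = $null
        if (Test-Path $Key) {
            # Missing value -> $null, which reports as not enabled.
            $value = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Policy  = $name
            Value   = $value
            Enabled = ($value -eq 1)
        }
    }
}

function Get-AppInstallerVersion {
    # Assumption: the AppX installer ships as this package. The article does
    # not state the fixed version, so this only reports what is installed.
    Get-AppxPackage -Name 'Microsoft.DesktopAppInstaller' -ErrorAction SilentlyContinue |
        Select-Object Name, Version
}

Get-AppxMitigationStatus | Format-Table Policy, Value, Enabled -AutoSize
Get-AppInstallerVersion | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the policy key is readable; compare the reported App Installer version against the version listed in Microsoft's advisory for the update.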