Microsoft Patches Zero-Day Spreading Emotet Malware

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Patches Zero-Day Spreading Emotet Malware


The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.



Microsoft today released its final Patch Tuesday rollout of 2021 with 67 security fixes, one of which patched a zero-day vulnerability spreading Emotet malware and five of which are now publicly known but not yet exploited.
Todays fixes address bugs in several Microsoft products and services, including Windows, Azure Bot Framework SDK, Defender for IoT, Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management, Windows Update Stack, ASP.NET Core and Visual Studio, and Windows Hyper-V.
Its worth noting that Microsoft also patched 16 CVEs in its Chromium-based Edge browser earlier this month. This ups its December patch total to 83 vulnerabilities and its yearly total to 887, which marks a 29% drop from 2020, notes Dustin Childs of Trend Micros Zero-Day Initiative in a
Dec. 14 blog post
.
The flaw being actively exploited (
CVE-2021-43890
) is a spoofing bug in the AppX installer that affects Windows. Microsoft says its aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could create a malicious attachment to use in a phishing campaign and then convince a victim to open the attachment. Victims with fewer user rights may be less affected than those who operate with full admin rights.
Another vulnerability worth prioritizing is
CVE-2021-43215
, a remote code execution flaw in the Internet Storage Name Service (iSNS) that could allow an attacker to execute code if they send a specially crafted request to a vulnerable server. The iSNS is a client-server protocol that allows clients to query an iSNS database. This bug has low attack complexity, requires low privileges and no user interaction, and has a CVSS score of 8.8.
As this protocol is used to facilitate data storage over the network, it would be a high-priority target for attackers looking to damage an organizations ability to recover from attacks like ransomware, says Kevin Breen, director of cyber threat research at Immersive Labs. These services are also typically trusted from a network perspective — which is another reason attackers would choose this kind of target.
Breen also notes the flaw is critical to patch for those operating iSNS services, but this isnt a default component, so check before bumping it up the priority list.
CVE-2021-43883
is a publicly known elevation of privilege vulnerability in Windows Installer. It has a CVSS score of 7.1 and is considered exploitation more likely by Microsoft, with low attack complexity, low privileges, and no user interaction required. This flaw affects both server and desktop versions of Windows and could allow a local user to escalate their privileges.
Windows Privilege Escalation Bugs
The other publicly known vulnerabilities this month are all elevation of privilege flaws that exist in Windows Encrypting File System (
CVE-2021-43893
), NTFS Set Short Name (
CVE-2021-43240
), Windows Mobile Device Management (
CVE-2021-43880
), and Windows Print Spooler (
CVE-2021-41333
).
Microsoft Office RCE vulnerability
CVE-2021-43905
stands out both for its high CVSS score of 9.6 and a classification of exploitation more likely from Microsoft. An attack would require low attack complexity and no privileges, though user interaction is required. Microsoft notes in its release that the Preview Pane is not an attack vector for this flaw, and the Microsoft Store will automatically update affected users. It does not specify how an attack for this might work or the immediate risk — which could make things tough for infosec teams, Breen notes.
This can make it difficult for security teams to prioritize or put mitigations in place if quick patching is not available — especially when security teams are already tied down with other critical patching, he explains. And with many security pros tied up patching the recently disclosed
Log4j vulnerability
, this could certainly pose an issue for many practitioners.
Another standout in this months roundup is the group of Microsoft Defender for IoT patches. One patch is categorized as critical; another nine are classified as important.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Patches Zero-Day Spreading Emotet Malware