Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
Microsoft has addressed a recently discovered vulnerability that was exploited in the wild to deliver Emotet, Trickbot, and other botnets via fake applications. The fix was included in the company’s December Patch Tuesday, along with fixes for five other publicly known bugs and seven critical security vulnerabilities. In total, this month’s security updates included 67 fixes, including those for flaws in Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Microsoft Office, SharePoint Server, PowerShell, Windows Remote Access Connection Manager, and more.
With the last Patch Tuesday for 2021, Microsoft has issued fixes for 887 vulnerabilities this year, down 29% from 2020. One of the zero-days patched this month is a spoofing flaw in the Windows AppX Installer, a utility for sideloading Windows 10 apps. Once applied, the patch should prevent attackers from spoofing packages to appear valid. However, it will not stop them from sending links or attachments to malicious files.