winbuzzer.com
Open in
urlscan Pro
2a00:1158:5:79c::
Public Scan
URL:
https://winbuzzer.com/2021/12/15/microsoft-december-2021-patch-tuesday-brings-fix-for-active-exploit-zero-day-xcxwbn/
Submission: On December 16 via api from US — Scanned from FR
Submission: On December 16 via api from US — Scanned from FR
Form analysis 3 forms found in the DOM
GET https://winbuzzer.com/
<form method="get" class="td-search-form" action="https://winbuzzer.com/">
<div class="td-search-close"> <a href="#"><i class="td-icon-close-mobile"></i></a> </div>
<div role="search" class="td-search-input"> <span>Search</span> <input id="td-header-search-mob" type="text" value="" name="s" autocomplete="off"> </div>
</form>POST #
<form action="#" method="post">
<div class="td-login-inputs"><input class="td-login-input" autocomplete="username" type="text" name="login_email" id="login_email" value="" required=""><label for="login_email">your username</label></div>
<div class="td-login-inputs"><input class="td-login-input" autocomplete="current-password" type="password" name="login_pass" id="login_pass" value="" required=""><label for="login_pass">your password</label></div> <input type="button"
name="login_button" id="login_button" class="wpb_button btn td-login-button" value="Login">
</form>GET https://winbuzzer.com/
<form method="get" class="td-search-form-widget" action="https://winbuzzer.com/">
<div role="search"> <input class="td-widget-search-input" type="text" value="" name="s" id="s"><input class="wpb_button wpb_btn-inverse btn" type="submit" id="searchsubmit" value="Search"> </div>
</form>Text Content
* Windows 10
* Windows 11
* Office
* Azure
* Xbox
* Hardware
* Surface
* Surface Pro
* Surface Go
* Surface Laptop
* Surface Book
* Surface Duo
* Surface Neo
* Surface Studio
* Surface Hub
* Surface Pen
* Surface Headphones
* Surface Earbuds
* HoloLens
* About WinBuzzer
* About WinBuzzer
* Contact Us
* Follow Us: PUSH, Feeds, Social
* Write for Us
* Cookie Policy and Privacy Policy
* Terms of Service
Search
Sign in
Welcome! Log into your account
your username
your password
Forgot your password? Get help
Password recovery
Recover your password
your email
A password will be e-mailed to you.
WinBuzzer
* Windows 10
* Windows 11
* Office
* Azure
* Xbox
* Hardware
* Surface
* Surface Pro
* Surface Go
* Surface Laptop
* Surface Book
* Surface Duo
* Surface Neo
* Surface Studio
* Surface Hub
* Surface Pen
* Surface Headphones
* Surface Earbuds
* HoloLens
* About WinBuzzer
* About WinBuzzer
* Contact Us
* Follow Us: PUSH, Feeds, Social
* Write for Us
* Cookie Policy and Privacy Policy
* Terms of Service
Home WinBuzzer News Microsoft December 2021 Patch Tuesday Brings Fix for Active
Emotet Exploit Zero-Day
* WinBuzzer News
MICROSOFT DECEMBER 2021 PATCH TUESDAY BRINGS FIX FOR ACTIVE EMOTET EXPLOIT
ZERO-DAY
Microsoft’s December 2021 Patch Tuesday tackles remerging Emotet malware that is
targeting a Windows AppX Installer Vulnerability.
By
Luke Jones
-
December 15, 2021 3:16 pm CET
Facebook
Twitter
Pinterest
WhatsApp
Microsoft rolled out its December 2021 Patch Tuesday updates yesterday. As
usual, dozens of fixes (67 in total) were included in the cumulative updates,
including one for a zero-day vulnerability that is already being exploited in
the wild.
This flaw is concerning because it sends the Emotet Trickbot to unsuspecting
users through a fake application. Microsoft has been tracking the vulnerability
as CVE-2021-43890 and given it an “important” rating.
Microsoft describes the problem as a spoofing vulnerability found in the Windows
AppX Installer. This means it affects Windows 10 apps. Windows AppX Installer is
available from the App Store an allows users to side-load Windows applications.
Advertisement
Attackers can exploit the vulnerability by creating a package file and modifying
it to look like a real application. Instead, it is loaded with the Emotet
trickbot malware.
Yes, that’s the same Emotet that Microsoft declared war on and removed earlier
this year. However, it has since made a comeback. Emotet is a relatively old and
solvable trojan that has been around since 2014. However, threat actors have
evolved the botnet to become the most dangerous in circulation.
It is used by a threat group known as Mummy Spider (TA542) to deploy other
malware types such as Trickbot.
FIX
Microsoft says the December 2021 Patch Tuesday fix should shore app Windows AppX
Installer and fake packages will no longer appear legitimate. However, the
company points out the patch does not stop the threat actors from sending the
files.
The Patch Tuesday Cumulative updates for December 2021 are rolling out now.
Amongst the 67 fixes are patches covering vulnerabilities in Microsoft Edge,
Microsoft Office, SharePoint, Windows, Azure Bot Framework SDK, Visual Studio,
ASP.NET Core, Microsoft Defender for IoT, and more.
Tip of the day: Whether it’s for a presentation, song, or YouTube video, at some
point in your life you’ll need to record audio from your computer. Windows 11
has multiple options to record sound due to its litany of apps. In our tutorial,
we show you how to record audio using the built-in Windows 10 Voice Recorder and
the freeware audio editor Audacity.
Advertisement
VIAThreatPost
SOURCEMicrosoft Security
* TAGS
* App Store
* Cybersecurity
* December 2021 Patch Tuesday
* Emotet
* Microsoft Security
* Windows
* Windows 10
* Windows AppX Installer
Facebook
Twitter
Pinterest
WhatsApp
Previous articleMicrosoft Teams End-to-End Encryption for One-to-One Calls
Arrives with Compromises
Luke Jones
Luke has been writing about all things tech for more than five years. He is
following Microsoft closely to bring you the latest news about Windows, Office,
Azure, Skype, HoloLens and all the rest of their products.
RELATED ARTICLESMORE FROM AUTHOR
GOOGLE THWARTS GLUPTEBA BOTNET AND SEEKS LEGAL ACTION AGAINST ITS OPERATORS
MICROSOFT SECURITY INVESTIGATING LOG4SHELL EXPLOIT, WHICH COULD AFFECT HUNDREDS
OF MILLIONS OF DEVICES
MICROSOFT DIGITAL CRIMES UNIT TAKES DOWN DOMAINS TARGETING GOVERNMENTS
FOLLOW US
HOW-TO
HOW TO RECORD AUDIO ON WINDOWS 11 / WINDOWS 10 WITH...
December 15, 2021 11:50 am CET
HOW TO UNBLOCK DOWNLOADS IN WINDOWS 11
December 14, 2021 4:38 pm CET
Load more
LATEST NEWS
MICROSOFT DECEMBER 2021 PATCH TUESDAY BRINGS FIX FOR ACTIVE EMOTET EXPLOIT
ZERO-DAY
Luke Jones - December 15, 2021 3:16 pm CET
MICROSOFT TEAMS END-TO-END ENCRYPTION FOR ONE-TO-ONE CALLS ARRIVES WITH
COMPROMISES
December 15, 2021 1:52 pm CET
FORMER MICROSOFT CLOUD EXEC SCORES FUNDING FOR DAZZ STARTUP
December 14, 2021 5:15 pm CET
GOOGLE THWARTS GLUPTEBA BOTNET AND SEEKS LEGAL ACTION AGAINST ITS OPERATORS
December 14, 2021 4:40 pm CET
Load more
Advertisement
* About WinBuzzer
* Contact Us
* Write for Us
* Terms of Service
* Cookie Policy and Privacy Policy
* About WinBuzzer
* Contact Us
* Write for Us
* Terms of Service
* Cookie Policy and Privacy Policy
© WinBuzzer 2017