Microsoft Patches Windows AppX Installer Spoofing Vulnerability

By Jake Heberling
Desktop & Applications Engineer

On Tuesday, December 14, 2021, Microsoft released security updates to address 67 CVEs, seven of which are rated as critical. The release also addresses a zero-day vulnerability in the Windows AppX Installer that is already seeing active exploitation. The vulnerability is tracked as CVE-2021-43890 and has a CVSS score of 7.1 out of 10, marking it as high severity.

Vulnerability Details:

Microsoft has investigated reports of a spoofing vulnerability in the AppX installer for Windows 10. Attacks have been observed that attempt to exploit this vulnerability by using specially crafted packages to deliver multiple malware families including Emotet, Trickbot, and BazarLoader. In an attack scenario commonly used in phishing campaigns, a malicious attachment — such as a PDF file — would be attached to or linked in an e-mail that appears to be legitimate. Opening this attachment would lead to the deployment of malware on the user’s system.

Helient strongly recommends patching this vulnerability as soon as possible. If you have any questions or would like technical assistance with remediation, please contact our industry-leading experts at service@helient.com.