2021-12-15

“CVE-2021-43890 is a spoofing vulnerability in the Windows AppX Installer, which is an installer that is used to install APPX apps on Windows 10 systems. According to reports, this vulnerability has been exploited in the wild. It has been linked to attacks associated with the Emotet/TrickBot/Bazaloader family. The Emotet botnet was originally shut down in January, but has since reappeared in November. To exploit this vulnerability, an attacker would need to convince a user to open a malicious attachment, which would likely be conducted through a phishing attack. Once exploited, the vulnerability would grant an attacker elevated privileges, particularly when the victim’s account has administrative privileges on the system. If patching isn’t an option, Microsoft has provided some workarounds to protect against the exploitation of this vulnerability.

“Microsoft also patched CVE-2021-43883, an elevation of privilege vulnerability in Windows Installer. This appears to be a fix for a patch bypass of CVE-2021-41379, another elevation of privilege vulnerability in Windows Installer that was reportedly fixed in November. However, researchers discovered that fix was incomplete, and a proof-of-concept was made public late last month.” – Satnam Narang, Staff Research Engineer, Tenable