Microsoft Windows 10—Update Now Warning For Millions As Attackers Strike – Forbes

Microsoft Windows 10—Update Now Warning For Millions As Attackers Strike – Forbes

Microsoft Windows 10—Update Now Warning For Millions As Attackers Strike – Forbes 2048 1414 charlie

Most information security professionals are scrambling to deal with the ongoing and truly scary Log4J (also known as Log4Shell) vulnerability. But, sadly, Log4J is not the only shark in the security swimming pool: millions of Windows 10 users need to be aware of one zero-day threat in particular.
The bad news is that attackers are already exploiting CVE-2021-43890 to install the very nasty Emotet, or Trickbot, credential-stealing malware. The good news is that Microsoft has the fix, and you need to apply it. Now.
Yes, this week sees Microsoft’s final Patch Tuesday round of security fixes in 2021, and it’s a big one. In all, more than sixty vulnerabilities have been addressed across the Microsoft product range, including Windows, Visual Studio, Office, PowerShell and SharePoint Server, to name but a few. Seven of the patched vulnerabilities have been given a critical rating, and there are six zero-days fixed for good measure.
However, of concern to millions of Windows 10 users is that zero-day, publicly disclosed, and exploited by attackers in the wild. CVE-2021-43890 is a spoofing vulnerability in the Windows AppX installer and is being used to deliver some genuinely gruesome malware.
Exploits take the form of malicious software packages installed when unsuspecting users open infected documents and the like. Obviously, those users with admin account rights will be most at risk here. That said, when chained with another exploit it could be possible to impact those with fewer user rights to gain enough privilege to execute the malware code.
You know what to do, install that Windows update ASAP
Microsoft has confirmed that exploitation is already ongoing: “Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader,” it stated in the latest security update guide.
“Given the critical nature of this vulnerability and the fact that there is active exploitation,” Chad McNaughton, technical community manager at Automox, said, “organizations should take immediate action to remediate within the next 24 hours.”
That warning was given, dear reader, on 14 December. The clock is, therefore, well and truly ticking on this one.
The remaining zero-day vulnerabilities that have been addressed by Microsoft this Patch Tuesday are:

Here’s hoping you have the happiest holiday season you can. Given everything that’s going on in the world right now, I appreciate it is perhaps a more stressful time of the year than we’d like. So don’t let Windows security issues add to that anxiety, install that update now.


    Would you like to receive notifications on latest updates? No Yes