Microsoft Patches Windows Zero-Day Vulnerability Being Exploited to Deliver Emotet Malware

Created: Tuesday, December 21, 2021 - 13:52
Categories: Cybersecurity

Microsoft’s newest security updates patch a high-severity Windows zero-day vulnerability that threat actors are exploiting to distribute Emotet malware. The vulnerability, tracked as CVE-2021-43890, is a spoofing flaw in Windows AppX Installer that allows a threat actor to conduct a complex attack with lower user privileges. According to Microsoft, “an attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

WaterISAC previously reported on the revival of Emotet and its adoption of new tools and delivery methods. The vulnerability was recently added to CISA’s known exploited vulnerabilities list. To defend against exploitation attempts, Windows users need to install the patched version of Microsoft Desktop Installer. This story further highlights the importance of regular patching to stay ahead of threat actors looking for vulnerable systems. Read more at TheRecord or at BleepingComputer.