Microsoft's December Patch Tuesday includes a fix for a nasty bug that hackers are actively exploiting to install dangerous malware.
Major vulnerability found in Windows
The vulnerability allows hackers to trick desktop users into installing malicious applications by disguising them as legitimate ones. In technical terms, the bug lets hackers abuse the built-in Windows App Installer feature, also known as AppX Installer, to spoof legitimate packages, so that users willingly install malicious ones.
“If the user attempts to install an application that contains malware, such as an Adobe Reader lookalike, it will typically not be presented as a validated package. This is where the vulnerability comes in,” Kevin Breen, Director of Cyber Threat Research at Immersive Labs, explained to Lifewire via email. “This vulnerability allows an attacker to present their malicious package as if it were a legitimate package that has been validated by Adobe and Microsoft.”
Officially tracked by the security community as CVE-2021-43890, the bug essentially made malicious packages from untrusted sources appear safe and trusted. It is precisely because of this behavior that Breen believes this subtle app spoofing vulnerability is the one that most affects desktop users.