MICROSOFT is warning users to update their systems after a vulnerability has allegedly is being exploited by foreign hackers.
Experts are warning Windows users to update their computers after the “CVE-2021-44228” flaw in the software Apache Log4j was found as a vulnerability in credential-stealing malware.
Log4J is not the only security threat that’s exposed to Windows users — millions of Windows 10 users now need to be aware of over 60 vulnerabilities that were found in Microsoft’s Patch Tuesday round.
International hackers are allegedly exploiting CVE-2021-43890 to install a malicious Emotet or Trickbot that’s designed to steal credentials.
Luckily, Microsoft found the bug and has fixed it – but you need to act now.
During the latest round of Microsoft’s Patch Tuesday round, over 60 vulnerabilities were found and fixed in its product range, including Windows, Visual Studio, Office, PowerShell and SharePoint Server.
Seven were given a critical rating, and six zero-days were fixed.
However, experts are still warning people to not delay installing the latest Windows update to ensure their device stays up to date.
The CVE-2021-43890 is a spoofing vulnerability in the Windows AppX installer that can be used to deliver pretty nasty malware.
This malicious software package gets installed unsuspectingly by users when they open infected documents and other material.
Those with admin account rights are most at risk – but like all other exploits, Windows is working to stop its detrimental effects from being even more widespread.
Microsoft itself has explained that the exploitation is in effect.
“Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader,” the company said in a security guide.
“Given the critical nature of this vulnerability and the fact that there is active exploitation,” said Chad McNaughton, technical community manager at Automox, said, “organizations should take immediate action to remediate within the next 24 hours.”
Other remaining zero-day vulnerabilities were also found in Microsoft’s latest Patch Tuesday.
The majority affected Windows 10 and 11 users while some affected Windows Servers users.
We pay for your stories!
Do you have a story for The US Sun team?