Microsoft Windows users told to update NOW as hackers exploit security loophole to install malware that steal data

MICROSOFT is warning users to update their systems after a vulnerability has allegedly is being exploited by foreign hackers.

Experts are warning Windows users to update their computers after the "CVE-2021-44228” flaw in the software Apache Log4j was found as a vulnerability in credential-stealing malware.

Log4J is not the only security threat that's exposed to Windows users — millions of Windows 10 users now need to be aware of over 60 vulnerabilities that were found in Microsoft's Patch Tuesday round.

International hackers are allegedly exploiting CVE-2021-43890 to install a malicious Emotet or Trickbot that's designed to steal credentials.

Luckily, Microsoft found the bug and has fixed it – but you need to act now.

During the latest round of Microsoft's Patch Tuesday round, over 60 vulnerabilities were found and fixed in its product range, including Windows, Visual Studio, Office, PowerShell and SharePoint Server.

Seven were given a critical rating, and six zero-days were fixed.

However, experts are still warning people to not delay installing the latest Windows update to ensure their device stays up to date.

Most read in Tech

SNAPPY DAYS

Pro photographer shares tips for taking perfect Instagram snaps this Christmas

LOG OFF

Thousands of Facebook users warned over 'spies for hire' that snoop on your account

TAP TIP

You're using WhatsApp wrong – neat trick means you can always find important texts

X MARKS THE SPOT

New Xbox Elite console 'revealed' – and it looks BETTER than a PS5

The CVE-2021-43890 is a spoofing vulnerability in the Windows AppX installer that can be used to deliver pretty nasty malware.

This malicious software package gets installed unsuspectingly by users when they open infected documents and other material.

Those with admin account rights are most at risk – but like all other exploits, Windows is working to stop its detrimental effects from being even more widespread.

Microsoft itself has explained that the exploitation is in effect.

"Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," the company said in a security guide.

"Given the critical nature of this vulnerability and the fact that there is active exploitation," said Chad McNaughton, technical community manager at Automox, said, "organizations should take immediate action to remediate within the next 24 hours."

Other remaining zero-day vulnerabilities were also found in Microsoft's latest Patch Tuesday.

The majority affected Windows 10 and 11 users while some affected Windows Servers users.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at exclusive@the-sun.com or call 212 416 4552.

Like us on Facebook at www.facebook.com/TheSunUS and follow us from our main Twitter account at @TheSunUS

    Source: Read Full Article