Key Takeaways
- Microsoft has released the last Patch Tuesday of the year.
- It fixes a total of 67 vulnerabilities.
- One of the vulnerabilities helped hackers pass off harmful packages as trusted ones.
Perched within Microsoft's December Patch Tuesday is a fix for a nasty little bug that hackers have been using to install dangerous malware.
The vulnerability lets hackers trick desktop users into installing harmful applications by disguising them as official ones. In technical terms, the bug lets hackers commandeer the built-in Windows App Installer feature, also known as AppX Installer, to spoof legitimate packages, so that users willingly install malicious ones.
"Typically, if the user tries to install an application that includes malware, such as an Adobe Reader lookalike, it will not show as a verified package, which is where the vulnerability comes into play," explained Kevin Breen, Director of Cyber Threat Research at Immersive Labs, to Lifewire over email. "This vulnerability allows an attacker to display their malicious package as if it were a legitimate package validated by Adobe and Microsoft."
Snake Oil
Tracked by the security community as CVE-2021-43890, the bug essentially made malicious packages from untrusted sources appear safe and trusted. It is exactly because of this behavior that Breen believes this subtle app spoofing vulnerability is the one that affects desktop users the most.
"It targets the person behind the keyboard, allowing an attacker to create an installation package that includes malware like Emotet," said Breen, adding that "the attacker will then send this to the user via email or a link, similar to standard phishing attacks." When the user installs the malicious package, it installs the malware instead.
As they released the patch, security researchers at the Microsoft Security Response Center (MSRC) noted that malicious packages passed off using this bug had a less severe impact on computers whose user accounts were configured with fewer user rights, compared to users who operate their computers with administrative privileges.
"Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader," pointed out MSRC (Microsoft Security Research Center) in a security update.
Return of the Devil
Referred to as "the world's most dangerous malware" by the European Union's law enforcement agency, Europol, Emotet was first discovered by researchers in 2014. According to the agency, Emotet evolved into a much bigger threat and was even offered for hire to other cybercriminals to help spread different types of malware, such as ransomware.
Law enforcement agencies finally put a stop to the malware's reign of terror in January 2021, when they seized several hundred servers located around the world that were powering it. However, MSRC's observations seem to suggest that hackers have been trying to rebuild the malware's cyberinfrastructure by exploiting the now-patched Windows app spoofing vulnerability.
Urging all Windows users to patch their systems, Breen also reminds them that while Microsoft's patch will rob hackers of the means to disguise malicious packages as valid ones, it will not stop attackers from sending links or attachments to these files. This essentially means users will still have to exercise caution and check the antecedents of a package before installing it.
In the same vein, he adds that while CVE-2021-43890 is a patching priority, it is still just one of the 67 vulnerabilities that Microsoft has fixed in its final Patch Tuesday of 2021. Six of these have earned the "critical" rating, which means hackers can exploit them to gain complete, remote control over vulnerable Windows computers without much resistance, and they are just as important to patch as the app spoofing vulnerability.