{"id":44438,"date":"2021-12-15T03:29:42","date_gmt":"2021-12-15T03:29:42","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/"},"modified":"2021-12-15T03:29:42","modified_gmt":"2021-12-15T03:29:42","slug":"microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/","title":{"rendered":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild"},"content":{"rendered":"<p><span data-label=\"patch tuesday\">Patch Tuesday<\/span> It&#8217;s not just <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/12\/14\/apache_log4j_v2_16_jndi_disabled_default\/\" rel=\"noopener\">Log4j<\/a> you need to worry about this week. It&#8217;s the final Patch Tuesday of the year.<\/p>\n<p>If you haven&#8217;t already installed these fixes, or started testing them ahead of deployment, now would be a good time before exploits are developed and deployed over the Christmas break. At least two of them \u2013 one in Windows AppX Installer and one in Chrome \u2013 are being exploited in the wild right now.<\/p>\n<p>Let&#8217;s start with Microsoft, which put out a summary of its security updates <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2021-Dec\">here<\/a>. 
All manner of products are affected, from the Windows kernel to PowerShell to Office to the beleaguered Print Spooler.<\/p>\n<p>According to Dustin Childs at the Zero Day Initiative, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2021\/12\/14\/the-december-2021-security-update-review\">67 CVE-listed bugs<\/a>, seven of which are considered critical, have been hopefully squashed by Redmond in its latest patch batch.
And when you include the Chromium bugs fixed in Edge, the total hits 83, we&#8217;re told.<\/p>\n<p>Here&#8217;s some of the more notable bugs, critical or
otherwise:<\/p>\n<p><b>Windows AppX Installer:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43890\">CVE-2021-43890<\/a>) It seems this spoofing vulnerability can be exploited to trick someone into installing a malicious software package. Indeed, according to Microsoft, this can be used in phishing campaigns to produce message attachments that activate when opened. The flaw has been abused in the wild to spread the Emotet, aka Trickbot and Bazaloader, malware.<\/p>\n<p><b>iSNS Server:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43215\">CVE-2021-43215<\/a>) A critical remote-code execution vulnerability in Microsoft&#8217;s Internet Storage Name Service, which is not enabled by default but is typically turned on for managing iSCSI devices on a storage network.
Sending a specially crafted request to the server, even as an unauthenticated user, can lead to code execution and system compromise.<\/p>\n<p><b>Microsoft 4K Wireless Display Adapter:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43899\">CVE-2021-43899<\/a>) A critical bug in this hardware gadget&#8217;s firmware can be exploited over the network by an unauthenticated miscreant to hijack it.<\/p>\n<p><b>Microsoft Defender for IoT:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42310\">CVE-2021-42310<\/a>) A critical remote-code execution flaw in this security product, prior to version 10.5.2, can be exploited over a network by a non-authenticated miscreant. Details are minimal though one assumes it&#8217;s possible to feed specially crafted data into this software to compromise it.<\/p>\n<p><b>Microsoft Office app:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\"
href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43905\">CVE-2021-43905<\/a>) Again, Microsoft is cagey about this critical remote-code execution hole prior to version 18.2110.13110.0 of its app, which is typically automatically updated anyway. It&#8217;s likely an attacker will require a victim to open a booby-trapped document to achieve code execution; viewing it in the preview pane isn&#8217;t enough.<\/p>\n<p><b>Remote Desktop Client:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43233\">CVE-2021-43233<\/a>) This network-based critical remote-code execution flaw requires the user to take some action, and exploitation presumably involves getting a victim to connect to a malicious remote-desktop server, something the peeps at Tenable <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.tenable.com\/blog\/microsofts-december-2021-patch-tuesday-addresses-67-cves-cve-2021-43890\">noted<\/a>, too.<\/p>\n<p><b>Visual Studio Code WSL Extension:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43907\">CVE-2021-43907<\/a>) This critical remote-code execution hole can be exploited remotely with no user interaction required, and Microsoft is mum on the details. This sounds potentially awful for developers, so grab the update as soon as you can.<\/p>\n<p><b>Windows Encrypting File System:<\/b> (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43217\">CVE-2021-43217<\/a>) According to Microsoft, &#8220;an attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution.&#8221; Crucially, the encrypting filesystem doesn&#8217;t even have to be running to be vulnerable and exploitable.
This is also a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5009763-efs-security-hardening-changes-in-cve-2021-43217-719fbc9d-ad9b-4f90-a964-0afe40338002\">two-part patch<\/a>, starting this month and completing in March 2022, which suggests this critical remote-code execution flaw, which doesn&#8217;t require authentication, is non-trivial.<\/p>\n<p>&#8220;The initial deployment phase starts with the Windows updates released on December 14, 2021,&#8221; Microsoft noted. &#8220;The updates will enable packet-level privacy for EFS when the client initiates a connection, and the server will only allow connections with packet-level privacy.<\/p>\n<p>&#8220;The second phase, planned for a Q1 2021 release, marks the transition into the enforcement phase. Support for the AllowAllCliAuth registry key will be removed and servers will require packet-level privacy regardless of the registry key setting.&#8221;<\/p>\n<p>On top of this, there is an elevation-of-privilege bug (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43893\">CVE-2021-43893<\/a>) in EFS that can be combined with the above to really cause some admin-level damage on a victim&#8217;s system.<\/p>\n<p>And there are plenty more programming blunders. A remote-code execution flaw in SharePoint Server (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42309\">CVE-2021-42309<\/a>) that requires authentication to exploit. 
The following have exploit code available for them though aren&#8217;t necessarily being abused in the wild: NTFS Set Short Name elevation-of-privilege (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43240\">CVE-2021-43240<\/a>); Windows Installer elevation-of-privilege (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43883\">CVE-2021-43883<\/a>); Windows Mobile Device Management elevation-of-privilege (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43880\">CVE-2021-43880<\/a>); and Windows Print Spooler elevation-of-privilege (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-41333\">CVE-2021-41333<\/a>).<\/p>\n<p>And a shed load of other patches for Microsoft Defender for IoT, HEVC Video Extensions, Excel, Storage Spaces Controller, Visual Studio Code, Windows Common Log File System Driver, Windows Recovery Environment Agent, and more.<\/p>\n<p>Meanwhile, Apple <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/12\/14\/apple_os_updates\/\" rel=\"noopener\">released<\/a> macOS, iOS and iPadOS, tvOS, and watchOS security fixes on Monday.<\/p>\n<p>On Tuesday, Adobe <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/Home.html\">patched<\/a> scores of bugs in 11 of its products, including code execution holes in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/photoshop\/apsb21-113.html\">Photoshop<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/premiere_pro\/apsb21-117.html\">Premiere Pro<\/a>, and <a target=\"_blank\" rel=\"nofollow noopener\"
href=\"https:\/\/helpx.adobe.com\/security\/products\/after_effects\/apsb21-115.html\">After Effects<\/a> on Windows and macOS, and a privilege-escalation vulnerability in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/lightroom\/apsb21-119.html\">Lightroom<\/a> on Windows. Like the Apple flaws, none are said to be under active attack.<\/p>\n<p>On Monday, Google <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/chromereleases.googleblog.com\/2021\/12\/stable-channel-update-for-desktop_13.html\">issued<\/a> Chrome 96.0.4664.110 for Windows, macOS, and Linux that addresses five serious vulnerabilities, one of which \u2013 CVE-2021-4102, a use-after-free() flaw in the V8 JavaScript engine \u2013 is being actively exploited in the wild.<\/p>\n<p>Finally, SAP <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/wiki.scn.sap.com\/wiki\/display\/PSR\/SAP+Security+Patch+Day+-+December+2021\">issued<\/a> 10 security notes. There are a bunch of serious bugs patched in SAP Commerce, localization for China, that appear to stem from flaws <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.debian.org\/security\/2021\/dsa-5004\">discovered<\/a> in XStream, a Java library to serialize objects to XML and back.<\/p>\n<p>There&#8217;s also what&#8217;s described as a &#8220;code injection vulnerability in SAP ABAP Server &amp; ABAP Platform,&#8221; plus an SQL-injection hole in SAP Commerce, an XSS vuln in SAP Knowledge Warehouse, a command-injection flaw in SAP NetWeaver AS ABAP, and other security blunders in the enterprise IT giant&#8217;s code. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/12\/15\/patch_tesuday\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Round off the year with a large crop of fixes for programming blunders Patch Tuesday\u00a0 It&#8217;s not just Log4j you need to worry about this week. 
It&#8217;s the final Patch Tuesday of the year.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-44438","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T03:29:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild\",\"datePublished\":\"2021-12-15T03:29:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/\"},\"wordCount\":966,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The 
Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/\",\"name\":\"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-12-15T03:29:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the 
wild\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"}
,\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-15T03:29:42+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the 
wild","datePublished":"2021-12-15T03:29:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/"},"wordCount":966,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/","name":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-12-15T03:29:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&a
mp;tile=2&amp;c=2Ybn8JMhmgzpzjHee8S0EqAAAABY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-closes-installer-hole-abused-by-emotet-malware-google-splats-chrome-bug-exploited-in-the-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44438"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44438\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}