• Tips for the week – what about the AppX vulnerability?

    (Note: we’re not ready to give the all clear for installing. This is just a post clarifying a particularly confusing update. More about the December updates will be in tomorrow’s newsletter.)

    YouTube video here

    This is a special post about a VERY confusing patch that came out on December 14.
    Referred to as the Windows AppX installer vulnerability, it’s been used in actual targeted attacks.

    What’s confusing about this update and its “patch documentation” is that it’s not really a separate patch; rather, it gets updated through the cumulative update. You only need to install this “patch” manually if you are in a business or corporation and have blocked updating on your machines. Otherwise, it’s already patched and you don’t have to worry about it.

    Now mind you, the way the update is documented is not clear, but in testing I can tell that it’s already been fixed.

    Now keep in mind that many of these “in the wild” exploits come in through attachments, so always be wary of attachments to emails. Think… don’t click! I call this “patching the human”. If you patch yourself first – make sure you don’t click on attachments that you weren’t expecting – this goes a long way to keeping yourself safe.

    Edit 12-19-2021: Clearly this is even more confusing. It gets updated through the Microsoft Store. Note that I recommend that you leave the Microsoft Store set to automatically update software for this very reason. Just like browsers, this is something that too often we forget needs updating as well. Bottom line: if you’ve not disabled updates for the MS Store, you will already be up to date and will not need to take any action.
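
For administrators who manage Store updates by policy, the check described in the edit above can be scripted. This is an added example, not part of the original post. It assumes the AppX installer is the Store package `Microsoft.DesktopAppInstaller`, the function name `Get-StoreUpdateStatus` is hypothetical, and it only sees Group Policy settings, not the per-user toggle in the Store app.

```powershell
# Added example: report whether Microsoft Store auto-update is blocked by policy
# and which App Installer version the current user has installed.
function Get-StoreUpdateStatus {
    [CmdletBinding()]
    param(
        # Assumption: this Store package is the AppX installer the post refers to.
        [string]$PackageName = 'Microsoft.DesktopAppInstaller'
    )

    # Group Policy values for the Store live under this key (absent if no policy is set).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue

    # AutoDownload = 2: "Turn off Automatic Download and Install of updates" is enabled.
    $autoUpdateOff = ($null -ne $policy) -and ($policy.AutoDownload -eq 2)
    # RemoveWindowsStore = 1: "Turn off the Store application" is enabled.
    $storeOff = ($null -ne $policy) -and ($policy.RemoveWindowsStore -eq 1)

    # Current-user view; add -AllUsers from an elevated prompt to cover every profile.
    $installed = Get-AppxPackage -Name $PackageName |
        Sort-Object { [version]$_.Version } -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Package            = $PackageName
        InstalledVersion   = if ($installed) { $installed.Version } else { 'not installed' }
        StoreAutoUpdateOff = $autoUpdateOff
        StoreDisabled      = $storeOff
        # True when the package is present but policy stops the Store from updating it,
        # which is the case where the post says manual action is needed.
        NeedsManualUpdate  = [bool]($installed -and ($autoUpdateOff -or $storeOff))
    }
}

Get-StoreUpdateStatus | Format-List
```

When `NeedsManualUpdate` is `True`, compare `InstalledVersion` against the fixed version listed in Microsoft's advisory for this vulnerability.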