On the same day as the new April patch was released, Microsoft also addressed its ongoing battle with the “high-priority state-sponsored” bad actor, HAFNIUM, which is connected to the propagation of Tarrask malware. The latter is able to hack into a vulnerable Windows system’s registry, breaking into a common scheduled task’s Security Descriptor and erasing its details in order to hide Tarrask’s own location in the system, essentially cloaking it from schtasks /query and the Task Scheduler. It’s also incredibly difficult to delete since it basically spoofs itself as part of the Windows security subsystem, or LSASS.
Of course, Microsoft is currently on the case. Its Detection and Response Team (DART) has been working alongside the Microsoft Threat Intelligence Center (MSTIC) since the threat originally became clear in March 2021. As of April 12, Microsoft has detailed its recommended best course of action for users who are looking to root Tarrask out of their own systems.
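A defender's check for the hiding technique described above, as an added example that is not from the article or from Microsoft: it scans a reg export text dump of the Task Scheduler registry cache and lists task keys that have an Id value but no SD (Security Descriptor) value. The TaskCache\Tree path and the Id/SD value names are assumed from the standard Windows Task Scheduler registry layout; the sample export and task names are constructed.

```python
import re

# Assumed standard location of the Task Scheduler task tree in the registry.
TREE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree"

# Constructed sample in `reg export` text format (hypothetical task names).
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree]
"SD"=hex:01,00,04,80

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleBackup]
"Id"="{11111111-1111-1111-1111-111111111111}"
"Index"=dword:00000003
"SD"=hex:01,00,04,80,78,00,00,00,88,00,00,00,00,00,00,00,14,00,00,00,02,00,64,\
  00,04,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleUpdater]
"Id"="{22222222-2222-2222-2222-222222222222}"
"Index"=dword:00000003
'''

def parse_export(text):
    """Return {key_path: set(value_names)} parsed from reg-export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex: lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = set()
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if m:
                keys[current].add(m.group(1))
    return keys

def tasks_missing_sd(text, tree=TREE):
    """Task keys under Tree (identified by an Id value) that lack an SD value."""
    prefix = tree.lower() + "\\"
    hits = []
    for path, names in parse_export(text).items():
        upper = {n.upper() for n in names}  # registry value names are case-insensitive
        if path.lower().startswith(prefix) and "ID" in upper and "SD" not in upper:
            hits.append(path[len(prefix):])
    return sorted(hits)

if __name__ == "__main__":
    for task in tasks_missing_sd(SAMPLE_EXPORT):
        print("task without SD value:", task)
```

Any task the script reports is registered in the cache yet would not appear in schtasks /query or the Task Scheduler, so it deserves a closer look before removal.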
Until an official fix is issued, Windows users will have to make do with the manual security directives offered by Microsoft. However, this is just one ongoing issue, and it pales against the admittedly large collection of other fixes that were included in the April 2022 update. In all, the recent update addressed over 145 issues across many different Windows platforms, and it equates to a much more comprehensive patch than Microsoft’s previous March 2022 update, which only addressed 94 issues by comparison.