The ransomware - identified as BitPaymer - was found to be exploiting a zero-day bug in the Bonjour update component that runs in the background in Windows. This service is installed when iTunes is installed in Windows and actually remains on the system even when iTunes is uninstalled later on.
Specifically, the ransomware exploited an "unquoted service path" vulnerability in Bonjour which let the ransomware hijack its execution path. This would launch the ransomware and would also fly under the radar of many antivirus utilities.
Apple has since updated the flawed Bonjour component which you can update by installing the latest version of iTunes. You can get iTunes for Windows 32-bit from here, or you can get iTunes for Windows 64-bit from here.
Remember, even if you uninstalled iTunes before, the Bonjour component remains and will be unpatched unless you install the latest iTunes. If you want to get rid of Bonjour it should be listed with all other programs in "Programs & Features" in the Control Panel in Windows.
via: www.zdnet.com
Written by: James Delahunty @ 11 Oct 2019 14:16