Microsoft Disables MSIX Protocol Handler to Protect Windows Users from Malware
Last week, Microsoft announced that it has temporarily disabled the MSIX protocol handler to prevent malicious attacks on Windows 10 and 11. The company says this change aims to address a newly discovered Windows AppX Installer spoofing vulnerability, which was discovered in December 2021.
For those unfamiliar with the Windows AppX Installer, it’s a Windows feature that was introduced back in 2016. It enables users to install a Windows app directly from a web server without downloading .appx packages. The Windows AppX Installer offers a simplified experience for sideloading app packages.
As it turns out, threat actors took advantage of a security vulnerability in the Windows App Installer packages to install malicious apps on targetted machines. “We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way. Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install,” Microsoft’s Dian Hartono explained in a blog post.
Fortunately, Microsoft has temporarily addressed this issue by disabling the ms-appinstaller scheme (protocol) on Windows 10 and 11 PCs. Currently, the company is working on a fix for the issue, and it plans to create a group policy to allow IT admins to re-enable the ms-appinstaller protocol securely within their organizations.
Microsoft provides a temporary workaround to prevent malicious attacks
In the meantime, Microsoft has provided a workaround to help customers prevent malicious attacks. “For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages,” Hartono added.
Microsoft also encourages developers to remove “ms-appinstaller:?source=” schemes from the app download links available on their websites. This should help to ensure that the App Installer or the MSIX package will be downloaded directly on Windows PCs. If you’re interested, we invite you to read more about the current status of the Windows AppX Installer spoofing vulnerability on the Microsoft Security Resource Center.
More in Windows 11
Microsoft Starts Force Upgrading Windows 11 Users to version 22H2
Jan 27, 2023 | Rabia Noureen
Microsoft Offers Temporary Fix for Start menu or UWP App Freezing Issues on Windows 11 and 10
Jan 26, 2023 | Rabia Noureen
Windows Terminal Preview 1.17 Adds Process Restart and Mica Support
Jan 25, 2023 | Rabia Noureen
Microsoft Confirms System Restore Breaks Apps on Windows 11 Version 22H2
Jan 20, 2023 | Rabia Noureen
Microsoft to Block SMB Guest Authentication By Default in Windows 11 Pro
Jan 18, 2023 | Rabia Noureen
Microsoft Releases a Script to Recover Some Windows App Shortcuts Deleted on Friday 13
Jan 16, 2023 | Rabia Noureen
Most popular on petri