
close
close
Last week, Microsoft announced that it has temporarily disabled the MSIX protocol handler to prevent malicious attacks on Windows 10 and 11. The company says this change aims to address a newly discovered Windows AppX Installer spoofing vulnerability, which was discovered in December 2021.
For those unfamiliar with the Windows AppX Installer, it’s a Windows feature that was introduced back in 2016. It enables users to install a Windows app directly from a web server without downloading .appx packages. The Windows AppX Installer offers a simplified experience for sideloading app packages.
advertisment
As it turns out, threat actors took advantage of a security vulnerability in the Windows App Installer packages to install malicious apps on targetted machines. “We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way. Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install,” Microsoft’s Dian Hartono explained in a blog post.
Fortunately, Microsoft has temporarily addressed this issue by disabling the ms-appinstaller scheme (protocol) on Windows 10 and 11 PCs. Currently, the company is working on a fix for the issue, and it plans to create a group policy to allow IT admins to re-enable the ms-appinstaller protocol securely within their organizations.
In the meantime, Microsoft has provided a workaround to help customers prevent malicious attacks. “For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages,” Hartono added.
Microsoft also encourages developers to remove “ms-appinstaller:?source=” schemes from the app download links available on their websites. This should help to ensure that the App Installer or the MSIX package will be downloaded directly on Windows PCs. If you’re interested, we invite you to read more about the current status of the Windows AppX Installer spoofing vulnerability on the Microsoft Security Resource Center.
advertisment
More from Rabia Noureen
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Windows 11
IT Admins Report Issues With Microsoft Store Version of Quick Assist App
May 16, 2022 | Rabia Noureen
Microsoft to Disable SMB1 File-Sharing Protocol By Default on Windows 11
Apr 20, 2022 | Rabia Noureen
This Week in IT - Microsoft Demos the Future of Windows 11 But ETA Missing in Action
Apr 8, 2022 | Russell Smith
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group