Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Disables MSIX Protocol Handler to Protect Windows Users from Malware

Last week, Microsoft announced that it has temporarily disabled the MSIX protocol handler to prevent malicious attacks on Windows 10 and 11. The company says this change aims to address a newly discovered Windows AppX Installer spoofing vulnerability, which was discovered in December 2021.

For those unfamiliar with the Windows AppX Installer, it’s a Windows feature that was introduced back in 2016. It enables users to install a Windows app directly from a web server without downloading .appx packages. The Windows AppX Installer offers a simplified experience for sideloading app packages.

As it turns out, threat actors took advantage of a security vulnerability in the Windows App Installer packages to install malicious apps on targetted machines. “We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way. Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install,” Microsoft’s Dian Hartono explained in a blog post.

Fortunately, Microsoft has temporarily addressed this issue by disabling the ms-appinstaller scheme (protocol) on Windows 10 and 11 PCs. Currently, the company is working on a fix for the issue, and it plans to create a group policy to allow IT admins to re-enable the ms-appinstaller protocol securely within their organizations.

Microsoft provides a temporary workaround to prevent malicious attacks

In the meantime, Microsoft has provided a workaround to help customers prevent malicious attacks. “For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages,” Hartono added.

Microsoft also encourages developers to remove “ms-appinstaller:?source=” schemes from the app download links available on their websites. This should help to ensure that the App Installer or the MSIX package will be downloaded directly on Windows PCs. If you’re interested, we invite you to read more about the current status of the Windows AppX Installer spoofing vulnerability on the Microsoft Security Resource Center.

by Rabia Noureen
Feb 8, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
What’s New in Windows – May 2023

Jun 1, 2023
How to Enable Auto Login on Windows 10

Jun 2, 2023
Jul 19, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.