Microsoft Disables MSIX Protocol Handler to Protect Windows Users from Malware
Last week, Microsoft announced that it has temporarily disabled the MSIX protocol handler to prevent malicious attacks on Windows 10 and 11. The company says this change aims to address a newly discovered Windows AppX Installer spoofing vulnerability, which was discovered in December 2021.
For those unfamiliar with the Windows AppX Installer, it’s a Windows feature that was introduced back in 2016. It enables users to install a Windows app directly from a web server without downloading .appx packages. The Windows AppX Installer offers a simplified experience for sideloading app packages.
As it turns out, threat actors took advantage of a security vulnerability in the Windows App Installer packages to install malicious apps on targetted machines. “We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way. Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install,” Microsoft’s Dian Hartono explained in a blog post.
Fortunately, Microsoft has temporarily addressed this issue by disabling the ms-appinstaller scheme (protocol) on Windows 10 and 11 PCs. Currently, the company is working on a fix for the issue, and it plans to create a group policy to allow IT admins to re-enable the ms-appinstaller protocol securely within their organizations.
Microsoft provides a temporary workaround to prevent malicious attacks
In the meantime, Microsoft has provided a workaround to help customers prevent malicious attacks. “For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages,” Hartono added.
Microsoft also encourages developers to remove “ms-appinstaller:?source=” schemes from the app download links available on their websites. This should help to ensure that the App Installer or the MSIX package will be downloaded directly on Windows PCs. If you’re interested, we invite you to read more about the current status of the Windows AppX Installer spoofing vulnerability on the Microsoft Security Resource Center.
More in Windows 11
IT Admins Report Issues With Microsoft Store Version of Quick Assist App
May 16, 2022 | Rabia Noureen
Microsoft Releases May 2022 Patch Tuesday Updates
May 11, 2022 | Laurent Giret
What’s New with Windows – April 2022
May 2, 2022 | Russell Smith
How to Customize the Windows 11 Start Menu and Taskbar
Apr 28, 2022 | Michael Otey
Microsoft to Disable SMB1 File-Sharing Protocol By Default on Windows 11
Apr 20, 2022 | Rabia Noureen
This Week in IT - Microsoft Demos the Future of Windows 11 But ETA Missing in Action
Apr 8, 2022 | Russell Smith
Most popular on petri