[ad_1]
Microsoft final week introduced that it is briefly disabling the MSIX ms-appinstaller protocol handler in Home windows following proof {that a} safety vulnerability within the installer element was exploited by menace actors to ship malware akin to Emotet, TrickBot, and Bazaloader.
MSIX, based mostly on a mix of .msi, .appx, App-V and ClickOnce set up applied sciences, is a common Home windows app package deal format that enables builders to distribute their functions for the desktop working system and different platforms. ms-appinstaller, particularly, is designed to assist customers set up a Home windows app by merely clicking a hyperlink on a web site.
However a spoofing vulnerability uncovered in Home windows App Installer (CVE-2021-43890, CVSS rating: 7.1) meant that it could possibly be tricked into putting in a rogue app that was by no means supposed to be put in by the person through a malicious attachment utilized in phishing campaigns.
Though Microsoft launched preliminary patches to handle this flaw as a part of its December 2021 Patch Tuesday updates, the corporate has now disabled the ms-appinstaller scheme whereas it really works to fully plug the safety gap and forestall additional exploitation.
“Because of this App Installer won’t be able to put in an app straight from an internet server,” Dian Hartono stated. “As a substitute, customers might want to first obtain the app to their system, after which set up the package deal with App Installer. This will likely improve the obtain measurement for some packages.”
With Microsoft yanking assist for the protocol, the corporate can also be recommending builders that they replace the app obtain hyperlinks on their web sites by eradicating “ms-appinstaller:?supply=” schemes in order that the MSIX package deal or.appinstaller file might be downloaded.
[ad_2]

