Friday, July 3, 2026
HomeCyber SecurityMicrosoft Quickly Disables MSIX App Installers to Forestall Malware Abuse

Microsoft Quickly Disables MSIX App Installers to Forestall Malware Abuse

[ad_1]

Microsoft final week introduced that it is briefly disabling the MSIX ms-appinstaller protocol handler in Home windows following proof {that a} safety vulnerability within the installer element was exploited by menace actors to ship malware akin to Emotet, TrickBot, and Bazaloader.

MSIX, based mostly on a mix of .msi, .appx, App-V and ClickOnce set up applied sciences, is a common Home windows app package deal format that enables builders to distribute their functions for the desktop working system and different platforms. ms-appinstaller, particularly, is designed to assist customers set up a Home windows app by merely clicking a hyperlink on a web site.

Automatic GitHub Backups

However a spoofing vulnerability uncovered in Home windows App Installer (CVE-2021-43890, CVSS rating: 7.1) meant that it could possibly be tricked into putting in a rogue app that was by no means supposed to be put in by the person through a malicious attachment utilized in phishing campaigns.

Malware Abuse

Though Microsoft launched preliminary patches to handle this flaw as a part of its December 2021 Patch Tuesday updates, the corporate has now disabled the ms-appinstaller scheme whereas it really works to fully plug the safety gap and forestall additional exploitation.

Prevent Data Breaches

“Because of this App Installer won’t be able to put in an app straight from an internet server,” Dian Hartono stated. “As a substitute, customers might want to first obtain the app to their system, after which set up the package deal with App Installer. This will likely improve the obtain measurement for some packages.”

With Microsoft yanking assist for the protocol, the corporate can also be recommending builders that they replace the app obtain hyperlinks on their web sites by eradicating “ms-appinstaller:?supply=” schemes in order that the MSIX package deal or.appinstaller file might be downloaded.



[ad_2]

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments