Security News > 2022 > February > Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader.
Ms-appinstaller, specifically, is designed to help users install a Windows app by simply clicking a link on a website.
A spoofing vulnerability uncovered in Windows App Installer meant that it could be tricked into installing a rogue app that was never intended to be installed by the user via a malicious attachment used in phishing campaigns.
"This means that App Installer will not be able to install an app directly from a web server," Dian Hartono said.
"Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages."
With Microsoft yanking support for the protocol, the company is also recommending developers that they update the app download links on their websites by removing "Ms-appinstaller:?source=" schemes so that the MSIX package or.
News URL
https://thehackernews.com/2022/02/microsoft-temporarily-disables-msix-app.html
Related news
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Fake Microsoft Office add-in tools push malware via SourceForge (source)