Security News > 2022 > February > Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader.
Ms-appinstaller, specifically, is designed to help users install a Windows app by simply clicking a link on a website.
A spoofing vulnerability uncovered in Windows App Installer meant that it could be tricked into installing a rogue app that was never intended to be installed by the user via a malicious attachment used in phishing campaigns.
"This means that App Installer will not be able to install an app directly from a web server," Dian Hartono said.
"Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages."
With Microsoft yanking support for the protocol, the company is also recommending developers that they update the app download links on their websites by removing "Ms-appinstaller:?source=" schemes so that the MSIX package or.
News URL
https://thehackernews.com/2022/02/microsoft-temporarily-disables-msix-app.html
Related news
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)