Security News > 2024 > January > Microsoft kills off Windows app installation from the web, again

Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware.
The move came just before Christmas, and seemingly mimicked issues first reported in December 2021, to address a Windows AppX Installer vulnerability in which an attacker could spoof App Installer into installing malicious software.
The ms-appinstaller URI scheme allows the MSIX package installer to install Windows apps from a web page using the local App Installer application.
Microsoft had relied on developers having to sign their app packages with "a third party paid certificate from a trusted certification authority," but evidently it put too much trust in such authorities.
Customers who have EnableMSAppInstallerProtocol group policy set to "Not Configured" or "Enabled" and are also using vulnerable versions of App Installer - from v1.18.2691 up until v1.21.3421, as well as Windows OS updates between October 2022 and March 2023 - are advised to update App Installer and to set the desired policy.
For those who rely on web-based installation as an app distribution channel, the consequence is a bit more friction for downloading and installation after proper checks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/04/microsoft_windows_app_installation/
Related news
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
- WinRAR flaw bypasses Windows Mark of the Web security alerts (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft: April 2025 updates break Windows Hello on some PCs (source)