Microsoft has announced the disabling of the ms-appinstaller protocol of the MSIX App Installer on Windows 10 and Windows 11 to prevent the spread of malicious software such as BazarLoader and Emotet. In the future, the software giant plans to add a group policy to its operating systems that will allow network administrators to enable the protocol and control its operation.
The ms-appinstaller protocol allows users to install applications directly from a website without first downloading the MSIX file to local storage. The idea is to help users save space by not having to download the entire MSIX package. However, it turned out that attackers use MSIX packages to spread malware. Although the protocol was in fact disabled last year, this has been officially announced only now. The vulnerability that allows malware to be distributed in this way is tracked as CVE-2021-43890.
“Recently, we have been made aware that the ms-appinstaller protocol in MSIX can be used maliciously. For example, attackers can spoof an app installer to download a package that the user did not intend to install. <…> For now, we have disabled the ms-appinstaller protocol. This means that the app installer will not be able to directly download apps from websites. Instead, users will need to first download the app on their device and then install it,” Microsoft said in a statement.
According to reports, Microsoft developers are now testing the problematic protocol to make sure that it will be completely safe for users after it is reactivated. For corporate customers, Microsoft will create a special group policy that will allow administrators to control the functioning of ms-appinstaller.
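Because the protocol lets a web link start the installation of a remotely hosted package, defenders can review saved pages, e-mail bodies or proxy logs for such links and check where the package would come from. The following is an added example, not code from Microsoft or from this article; it assumes the `ms-appinstaller:?source=<URL>` link form from Microsoft's App Installer documentation, and the allowlisted host and sample markup are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# ms-appinstaller: URIs embedded in markup or log text; the scheme is case-insensitive.
URI_RE = re.compile(r"ms-appinstaller:\??[^\s\"'<>]+", re.IGNORECASE)

# Assumption: hosts the organisation really publishes MSIX packages from.
ALLOWED_HOSTS = frozenset({"packages.corp.example"})

# Constructed sample: one internal link, one encoded external link, one harmless mention.
SAMPLE = """
<a href="ms-appinstaller:?source=https://packages.corp.example/tools/agent.msix">Install agent</a>
<a href="MS-AppInstaller:?Source=https%3A%2F%2Fcdn.example.test%2Finvoice.appinstaller&amp;x=1">View invoice</a>
<a href="https://example.test/readme.html">Read about ms-appinstaller</a>
"""


def find_appinstaller_links(text, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per ms-appinstaller link in text, with its package origin."""
    findings = []
    # Undo HTML entity escaping first so "&amp;" separators parse as "&".
    for match in URI_RE.finditer(html.unescape(text)):
        uri = match.group(0)
        query = uri.split(":", 1)[1].lstrip("?")
        # parse_qs percent-decodes values; parameter names are compared in lower case.
        params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
        source = params.get("source", "")
        parts = urlsplit(source)
        host = (parts.hostname or "").lower()
        findings.append({
            "uri": uri,
            "source": source,
            "host": host,
            # Only HTTPS downloads from an allowlisted host count as expected.
            "allowed": parts.scheme.lower() == "https" and host in allowed_hosts,
        })
    return findings


if __name__ == "__main__":
    for finding in find_appinstaller_links(SAMPLE):
        status = "ok" if finding["allowed"] else "REVIEW"
        print(f"{status:6} {finding['host'] or '(no source)'}  {finding['source']}")
```

Findings marked for review are links whose package would be fetched from a host outside the allowlist or over a scheme other than HTTPS.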