Microsoft Disables MSIX Application Installers Temporarily to Prevent Malware Abuse

Short News:- 

Microsoft has temporarily disabled the MSIX ms-appinstaller protocol handler, which has been abused to deliver malware such as Emotet, TrickBot, and Bazaloader. This action follows the discovery of evidence that a security flaw in the installer component was exploited by threat actors. The App Installer program is intended to assist users in installing a Windows application.




Detailed News:- 

Microsoft has temporarily disabled the MSIX ms-appinstaller protocol handler, which has been abused to deliver malware such as Emotet, TrickBot, and Bazaloader. This action follows the discovery of evidence that a security flaw in the installer component was exploited by threat actors in order to distribute malicious software.


MSIX is a universal Windows application package format built on a combination of .msi, .appx, App-V, and ClickOnce installation technologies, which allows developers to distribute their desktop and other platform applications to a large number of users. In particular, the ms-appinstaller protocol handler is intended to assist users in installing a Windows application by simply clicking on a link on a website.


A vulnerability was discovered in the Windows App Installer (CVE-2021-43890, with a CVSS score of 7.1) that could be exploited in phishing campaigns to trick users into installing a malicious app that was never intended for them to use.




Since then, Microsoft has disabled the ms-appinstaller scheme as it works to close the security hole and prevent further exploitation of the flaw that was addressed in the December 2021 Patch Tuesday security update.


According to a statement from Dian Hartono, the App Installer will not be able to install an app from a web server directly. "It is necessary for the user to download the app to their device and then install the package, which can only be accomplished by using App Installer. It is possible that the download sizes of some packages will be affected as a result of this."


In light of Microsoft's decision to cease supporting the protocol, it is advising developers to remove "ms-appinstaller:?source=" schemes from their app download links in order to allow users to download either the MSIX package or the .appinstaller file rather than the app itself.
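
One way a site owner could apply that advice, as an added example that is not code from Microsoft or from the original article: a Python sketch that finds "ms-appinstaller:?source=" links in a page and rewrites them to point directly at the package file. The host name, file names and function names are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# href="..." or href='...' whose value uses the ms-appinstaller scheme.
HREF_RE = re.compile(r"""(href\s*=\s*)(["'])\s*(ms-appinstaller:[^"']*)\2""", re.IGNORECASE)

# Constructed sample page; host and file names are placeholders.
SAMPLE = """\
<a href="ms-appinstaller:?source=https://downloads.example.test/app/Contoso.msix">Install</a>
<a href='MS-AppInstaller:?source=https%3A%2F%2Fdownloads.example.test%2Fapp%2FContoso.appinstaller'>Install</a>
<a href="ms-appinstaller:?source=file://share/app.msix">Install</a>
<a href="https://downloads.example.test/readme.html">Docs</a>
"""

def extract_source(uri):
    """Return the package URL carried in the source= parameter, or None."""
    value = html.unescape(uri)  # attribute values may contain &amp;
    query = value.partition("?")[2]
    params = {k.lower(): v for k, v in parse_qs(query).items()}
    target = params.get("source", [""])[0].strip()
    # Only an http(s) download is an acceptable replacement link.
    if urlsplit(target).scheme.lower() not in ("http", "https"):
        return None
    return target

def rewrite_links(page):
    """Replace ms-appinstaller links with direct downloads.

    Returns (new_page, rewritten_urls, unresolved_uris)."""
    rewritten, unresolved = [], []

    def swap(match):
        prefix, quote, uri = match.groups()
        target = extract_source(uri)
        if target is None:
            unresolved.append(uri)  # leave in place for manual review
            return match.group(0)
        rewritten.append(target)
        return f"{prefix}{quote}{html.escape(target, quote=True)}{quote}"

    return HREF_RE.sub(swap, page), rewritten, unresolved

if __name__ == "__main__":
    new_page, done, todo = rewrite_links(SAMPLE)
    print(new_page)
    print("rewritten:", done)
    print("needs review:", todo)
```

Links whose source is not an http(s) URL are left unchanged and reported, so they can be checked by hand.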
