Microsoft disables the MSIX App Installer protocol to protect users

Microsoft disables the MSIX App Installer protocol to protect users from malware

Microsoft announced about disabling the ms-appinstaller protocol of the MSIX App Installer on Windows 10 and Windows 11 to prevent the proliferation of malicious software such as BazarLoader and Emotet. In the future, the software giant plans to integrate group policies into operating systems, which will allow network administrators to enable the mentioned protocol and control its operation.

Image source: Neowin

Image source: Neowin

The ms-appinstaller protocol allows you to install various applications directly from a website without first downloading the MSIX file to local media. The idea is to help users save disk space by not having to download the entire MSIX package. It turned out that MSIX packages are used by attackers to proliferate malware. Although the mentioned protocol was actually deactivated last year, it has only now been officially announced. The vulnerability that allows malware to proliferate in this way is tracked as CVE-2021-43890.

“Recently, we were made aware that the ms-appinstaller protocol can be used maliciously in MSIX. For example, attackers can spoof an app installer to download a package the user didn’t want to install <…> We have disabled the ms-appinstaller log for now. This means that the app installer cannot download apps directly from websites. Instead, users must first download and then install the app on their device.” Microsoft announced this in a statement.

According to reports, Microsoft developers are now testing the problematic protocol to ensure that it is completely safe for users after reactivation. For enterprise customers, Microsoft will create a special group policy that allows administrators to control how ms-appinstaller works.



About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment