laitimes

Microsoft officially disables Win11/10 MSIX AppX Installer Protocol Link

IT House, February 5: Microsoft officially announced today that, to prevent malicious attacks, it has disabled the MSIX App Installer protocol link. The protocol allows users to install applications directly from a network server without first downloading them to local storage. The idea was that this would save space for users, because the entire MSIX package would not need to be downloaded.

However, it has been noted that this Windows application installation package has been used to distribute malicious PDF files, such as the Emotet and BazarLoader malware. As a result, the protocol was disabled last year, and the change was only officially announced today. This Windows AppX Installer spoofing vulnerability is assigned the ID CVE-2021-43890.

The announcement post said:

"We were recently told that MSIX's ms-appinstaller protocol can be used maliciously. Specifically, an attacker could trick app installers into installing a package that the user does not intend to install.

[...] Currently, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an application directly from a network server. Instead, users will need to first download the app to their device and then install the package with App Installer. This may increase the download size of some packages."

Here is how to stop using the protocol on your website:

"If you take advantage of the ms-appinstaller protocol on your website, we recommend that you update the link to your application and remove 'ms-appinstaller:?source=' so that the MSIX package or App Installer file is downloaded to the user's device."
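A site owner can apply this recommendation across existing pages with a small script. The following is an added example, not code from Microsoft or the original article: it strips the `ms-appinstaller:?source=` prefix from `href` attributes and flags targets that deserve a manual look. The function name, the HTTPS and file-extension checks, and the example.com sample markup are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# href="ms-appinstaller:?source=<package URL>" in either quote style.
LINK_RE = re.compile(
    r"""(?P<attr>href\s*=\s*)(?P<q>["'])ms-appinstaller:\?source=(?P<src>.*?)(?P=q)""",
    re.IGNORECASE,
)
# Package and App Installer file types (review hint only, an assumption here).
PACKAGE_EXTS = (".msix", ".msixbundle", ".appx", ".appxbundle", ".appinstaller")


def rewrite_links(markup):
    """Return (rewritten_markup, findings) for one page of HTML.

    Each finding is (download_target, note). Every protocol link is turned
    into a plain download link; odd-looking targets are flagged for review.
    """
    findings = []

    def fix(match):
        target = match.group("src")
        # Some pages percent-encode the source URL. Decode it, then re-escape
        # so a decoded quote character cannot break out of the attribute.
        if re.match(r"https?%3a", target, re.IGNORECASE):
            target = html.escape(unquote(target), quote=True)
        parts = urlsplit(target)
        notes = []
        if parts.scheme.lower() != "https":
            notes.append("not https")
        if not parts.path.lower().endswith(PACKAGE_EXTS):
            notes.append("unexpected file type")
        findings.append((target, ", ".join(notes) or "ok"))
        return f'{match.group("attr")}{match.group("q")}{target}{match.group("q")}'

    return LINK_RE.sub(fix, markup), findings


# Constructed sample page; example.com hosts are placeholders.
SAMPLE = """
<a href="ms-appinstaller:?source=https://example.com/app/Contoso.msix">Install</a>
<a href='MS-AppInstaller:?source=https%3A%2F%2Fexample.com%2Fapp%2FContoso.appinstaller'>Install</a>
<a href="ms-appinstaller:?source=http://example.com/app/setup.exe">Install</a>
<a href="https://example.com/docs">Docs</a>
"""

if __name__ == "__main__":
    fixed, report = rewrite_links(SAMPLE)
    print(fixed)
    for target, note in report:
        print(f"{note:32} {target}")
```

Links that are already ordinary URLs are left untouched, and a flagged finding only marks a link for manual review; it does not block the rewrite.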

Microsoft also said it is looking at how to re-enable the protocol in a secure way at some point in the future, such as adding certain Group Policies. But for now, the workaround described above is a temporary solution to prevent malicious attacks. The company noted:

"We are taking the time to thoroughly test to make sure that the protocol can be re-enabled in a safe manner. We are looking at introducing a Group Policy that allows IT administrators to re-enable the protocol and control its use within the organization."
