Microsoft decided in February to make a drastic change to protect users and temporarily disable the MSIX app installation protocol. The ability to install applications was massively abused by malware. Now the installer is back. Microsoft has finally brought the malware issue under control and now allows administrators to re-enable the protocol handler.
Requires the latest App Installer version (1.17.10751.0 or newer) to be installed and a Group Policy enabled (via bleeding computer Details can be found in the technical community from Microsoft there are also download links for the updates. Infographic Heard a lot – never used it: protective measures on the internet The problem has been known for a long time. The Windows AppX Installer Spoofing Vulnerability is patched with CVE-2021-43890. In December, Microsoft published the following error description:
We investigated reports of a spoofing vulnerability in the AppX installer affecting Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability using specially crafted packages. These attacks use malware from the Emotet/Trickbot/Bazaloader family. An attacker could create a malicious attachment for use in phishing campaigns. The attacker would then have to trick the user into opening the specially crafted attachment. Users whose accounts are configured to have less extended user rights on the system may be less affected than users who have administrative privileges.
The emergency brake was too late
Only in February was the emergency brake pulled and the option deactivated. How long cyber gangsters actively exploited the gap remained unclear. However, some major campaigns were announced. It didn’t take long for Microsoft to find a solution. We had previously reported on some malware campaigns that exploited the vulnerability in the MSIX app installer protocol and mass-produced fake app installers.
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.