Microsoft Temporarily Disables MSIX Protocol after Criminals Use Vulnerability to Spread Malware

Silviu STAHIE

February 07, 2022

Microsoft has disabled the MSIX protocol handler to stop existing malicious campaigns, including Emotet, which used a vulnerability to spread malware.

A big problem with large software environments, such as Windows, is that change takes a long time to disseminate, and that's especially obvious for patches. It's not uncommon to see companies with unpatched systems even two years after Microsoft publishes a fix for a vulnerability.

Just because the developers were aware of the problem and quickly issued a fix doesn't mean that users and enterprises will hurry to install it. Something similar is happening with a vulnerability tracked as CVE-2021-43890. The company already deployed a fix and released some mitigations for users who didn't patch their systems.

Basically, the MSIX protocol lets users click a link on a website and trigger the software's installation. Malware operators found a way to abuse this behavior, so Microsoft was forced to pull the plug until it could adequately repair the vulnerability.

"We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way," said Microsoft's Dian Hartono. "Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install."

"We are actively working to address this vulnerability," she added. "For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer."

Microsoft has yet to say when it may re-enable MSIX, but the bigger immediate problem is that some companies still rely on this protocol. Microsoft is likely to soon offer a Group Policy that lets IT administrators re-enable the protocol and control its use within their organizations.
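Organizations that still rely on the protocol can check where ms-appinstaller links in mail bodies or web pages actually point. The following is an added example, not code from this article or from Microsoft; it assumes links of the form `ms-appinstaller:?source=<URL>`, and the host names, allowlist and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

SCHEME = "ms-appinstaller"

class _LinkCollector(HTMLParser):
    """Collect href/src attribute values (HTML entities are already decoded)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value.strip())

def find_appinstaller_links(html):
    """Return (raw_uri, source_url, source_host) for each ms-appinstaller link."""
    collector = _LinkCollector()
    collector.feed(html)
    hits = []
    for raw in collector.urls:
        parts = urlsplit(raw)
        if parts.scheme != SCHEME:  # urlsplit lower-cases the scheme
            continue
        # parse_qs percent-decodes the value; a missing source= gives ""
        source = parse_qs(parts.query).get("source", [""])[0]
        host = (urlsplit(source).hostname or "").lower()
        hits.append((raw, source, host))
    return hits

def triage(html, allowed_hosts):
    """Split hits into (served from an approved host, needs review)."""
    approved, review = [], []
    for hit in find_appinstaller_links(html):
        (approved if hit[2] in allowed_hosts else review).append(hit)
    return approved, review

# Constructed sample: one encoded link to an unknown host, one internal link.
SAMPLE_HTML = """
<a href="MS-AppInstaller:?source=https%3A%2F%2Fdocs.example.net%2Fviewer.appinstaller">Install viewer</a>
<a href="ms-appinstaller:?source=https://apps.corp.example/tools/agent.msix">Install agent</a>
<a href="https://corp.example/help">Help</a>
"""

if __name__ == "__main__":
    approved, review = triage(SAMPLE_HTML, {"apps.corp.example"})  # hypothetical allowlist
    for raw, source, host in review:
        print(f"REVIEW host={host} source={source}")
```

A link with no `source` parameter ends up in the review list with an empty host, so malformed links are not silently skipped.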

Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
