
Disabling the MSIX ms-appinstaller protocol handler



Guest Dian Hartono
Posted

We were recently notified that the ms-appinstaller protocol for MSIX can be used in a malicious way. Specifically, an attacker could spoof App Installer to install a package that the user did not intend to install. This spoofing vulnerability is being tracked by the Microsoft Security Resource Center (MSRC) and details on the current status can be found in CVE-2021-43890.

 

We are actively working to address this vulnerability. For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer. This may increase the download size for some packages.

 

Recommended actions

If you utilize the ms-appinstaller protocol on your website, we recommend that you update the link to your application, removing 'ms-appinstaller:?source=' so that the MSIX package or App Installer file will be downloaded to the user's machine.

 

What is the ms-appinstaller protocol handler?

The MSIX app package format preserves the functionality of existing app packages and/or installation files in addition to enabling new, modern packaging and deployment features for Win32, Windows Presentation Foundation (WPF), and Windows Forms apps. MSIX is designed to make it easy for users to keep their applications up to date and ensure a smooth installation experience.

 

The ms-appinstaller protocol handler was introduced to enable users to seamlessly install an application by simply clicking a link on a website. What this protocol handler provides is a way for users to install an app without needing to download the entire MSIX package. This experience is popular, and we are thrilled that it has been adopted by so many people today.

 

When will you re-enable the protocol?

We recognize that this feature is critical for many enterprise organizations. We are taking the time to conduct thorough testing to ensure that re-enabling the protocol can be done in a secure manner. We are looking into introducing a Group Policy that would allow IT administrators to re-enable the protocol and control usage of it within their organizations.

 

Learn more

As mentioned above, we are working to enable this feature as soon as possible. This may require some changes on your part. In the meantime, please refer to the following resources for more information:

 

 

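The link change described under "Recommended actions", as an added example that is not part of the original post or Microsoft's own code: a Python function that finds `href` attributes using the `ms-appinstaller:?source=` prefix in a page's HTML and rewrites them to point directly at the package. The function name, the return shape and the `example.com` URLs are assumptions made for illustration; links whose source is not a plain web URL are left unchanged and reported for manual review.

```python
import re
from urllib.parse import unquote

# href="ms-appinstaller:?source=<url>" with either quote style, any letter case.
HREF_RE = re.compile(
    r"""(?P<attr>href\s*=\s*)(?P<q>["'])\s*ms-appinstaller:\?source=(?P<src>[^"']*)(?P=q)""",
    re.IGNORECASE,
)


def rewrite_links(html):
    """Replace ms-appinstaller links with direct download links.

    Returns (new_html, rewritten, needs_review): the two lists hold the
    targets that were changed and the links left for a human to check.
    """
    rewritten, needs_review = [], []

    def fix(match):
        src = match.group("src").strip()
        # Some sites percent-encode the source URL; decode only that case.
        if re.match(r"https?%3a", src, re.IGNORECASE):
            src = unquote(src)
        if re.match(r"https?://", src, re.IGNORECASE):
            rewritten.append(src)
            q = match.group("q")
            return f'{match.group("attr")}{q}{src}{q}'
        # Not a plain web URL: leave the link untouched and report it.
        needs_review.append(match.group(0))
        return match.group(0)

    return HREF_RE.sub(fix, html), rewritten, needs_review


# Constructed sample page (not from the original post).
SAMPLE = """\
<a href="ms-appinstaller:?source=https://example.com/app/Contoso.msix">Install</a>
<a HREF='MS-AppInstaller:?source=https%3A%2F%2Fexample.com%2Fapp%2FContoso.appinstaller'>Install</a>
<a href="ms-appinstaller:?source=">Broken</a>
<a href="https://example.com/app/Contoso.msix">Download</a>
"""

if __name__ == "__main__":
    page, changed, review = rewrite_links(SAMPLE)
    print(page)
    print("rewritten:", changed)
    print("needs review:", review)
```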