February 5, 2022 By Sayan Sen
Microsoft has formally announced today that it has disabled the MSIX app-installer protocol in order to prevent malicious attacks. This protocol allowed a user to install various applications directly from a web server skipping the need to download them first to local storage. The idea was that this method would save space for users since the entire MSIX package did not need to be downloaded.
However, it was noticed that such Windows App Installer packages were being used to distribute malicious PDFs like those from Emotet and BazarLoader malware. Hence the protocol was disabled last year with the formal announcement coming today. This Windows AppX Installer spoofing vulnerability was assigned the ID CVE-2021-43890.
