Microsoft disables MSIX protocol handler abused in Emotet attacks
Quote: Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability.
Today's decision comes after the company released security updates to address the flaw (tracked as CVE-2021-43890) during the December 2021 Patch Tuesday and provided workarounds to disable the MSIX scheme without deploying the patches.
The likely reason for disabling the protocol altogether is to protect all Windows customers, including those who haven't yet installed the December security updates or applied the workarounds.

"We are actively working to address this vulnerability. For now, we have disabled the ms-appinstaller scheme (protocol). This means that App Installer will not be able to install an app directly from a web server. Instead, users will need to first download the app to their device, and then install the package with App Installer," said Microsoft Program Manager Dian Hartono.
"We recognize that this feature is critical for many enterprise organizations. We are taking the time to conduct thorough testing to ensure that re-enabling the protocol can be done in a secure manner.
"We are looking into introducing a Group Policy that would allow IT administrators to re-enable the protocol and control usage of it within their organizations."



Source https://www.bleepingcomputer.com/news/mi...t-attacks/