Microsoft disables Windows app installation, again - The Register

Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware.
The move, which came just before Christmas, seemingly mirrors issues first reported in December 2021 and addresses a Windows AppX Installer vulnerability in which an attacker could spoof App Installer into installing malicious software.
Microsoft re-enabled the protocol, known as the ms-appinstaller URI scheme, on August 5, 2022, with the release of Windows 11 Insider Preview Build 25147.
It made the protocol available to some enterprise customers who chose to use it via the Local Group Policy Editor.
The ms-appinstaller URI scheme allows the MSIX package installer to install Windows apps from a web page using the local App Installer application.
Doing so allows installation without the need for local storage.
This has proven to be a popular feature, according to Microsoft.
Alas, as the Microsoft Threat Intelligence group noted last week, miscreants have been abusing the ms-appinstaller URI scheme to distribute malware.
It appears that the protocol provided a way around Microsoft's security checks.
For enterprise customers, pushing out a network-wide policy change may take some effort.
For those who rely on web-based installation as an app distribution channel, the consequence is a bit more friction: apps must be downloaded and then installed after proper checks.


This Cyber News was published on go.theregister.com. Publication date: Thu, 04 Jan 2024 00:43:05 +0000

