Major threat groups like Emotet, Trickbot, and Bazarloader have been actively exploiting a Microsoft vulnerability tracked as CVE-2021-43890.
Microsoft Windows could allow a remote authenticated attacker to conduct a spoofing attack, caused by a flaw in the AppX Installer. By persuading a victim to install specially crafted packages, an attacker could exploit this vulnerability to conduct a spoofing attack.
According to Microsoft, “An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
To stop threat actors from abusing the ms-appinstaller protocol, Microsoft temporarily disabled it. The MSIX app package format preserves the functionality of existing app packages and/or installation files in addition to enabling new, modern packaging. The ms-appinstaller protocol makes it easier to ensure a smooth installation experience for the user and to keep applications updated. With this protocol, the user can install apps without the need to download the entire MSIX package.
If your website uses the ms-appinstaller protocol, remove the ‘ms-appinstaller:?source=’ prefix from its links.
Visit the website to download patches, updates, and workarounds.
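One way to apply the ‘ms-appinstaller:?source=’ removal across a site's HTML, as an added example that is not code from Microsoft or from the original page: it finds `href` values that use the protocol and rewrites them to the plain package URL, leaving anything that is not an http(s) target for manual review. The function name, the sample markup and the example.com URLs are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# href values that hand a package URL to the ms-appinstaller protocol handler.
LINK_RE = re.compile(
    r"""(href\s*=\s*)(["'])\s*ms-appinstaller:\?source=(.*?)\2""",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample markup (example.com URLs are placeholders).
SAMPLE_HTML = """\
<a href="ms-appinstaller:?source=https://example.com/app/Contoso.msix">Install</a>
<a href='MS-AppInstaller:?source=https%3A%2F%2Fexample.com%2Fapp%2FContoso.appinstaller'>Install</a>
<a href="ms-appinstaller:?source=ftp://example.com/app/Contoso.msix">Legacy</a>
<a href="https://example.com/docs">Docs</a>
"""


def rewrite_links(page):
    """Return (new_html, findings); only http(s) targets are rewritten."""
    findings = []

    def _fix(match):
        attr, quote, raw = match.groups()
        target = html.unescape(raw).strip()
        # Some pages percent-encode the whole source URL; decode only then.
        if re.match(r"https?%3a", target, re.IGNORECASE):
            target = unquote(target)
        rewritable = urlsplit(target).scheme.lower() in ("http", "https")
        findings.append({"target": target, "rewritten": rewritable})
        if not rewritable:
            return match.group(0)  # leave the link untouched for manual review
        return f"{attr}{quote}{html.escape(target, quote=True)}{quote}"

    return LINK_RE.sub(_fix, page), findings


if __name__ == "__main__":
    fixed, report = rewrite_links(SAMPLE_HTML)
    print(fixed)
    for item in report:
        print(("rewritten " if item["rewritten"] else "REVIEW    ") + item["target"])
```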