Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has once more deactivated its MSIX ms-appinstaller protocol after it was abused by threat groups to distribute malware into Windows systems. This follows exploitation of the CVE-2021-43890 Windows AppX Installer vulnerability, enabling evasion of protective measures like Defender SmartScreen. Threat actors employed malicious ads and phishing messages to push malware, with potential links to ransomware operations. Microsoft has advised installing a patched App Installer version to block exploitation attempts.