Microsoft patches critical vulnerability used to install malware on Windows PCs


Microsoft released a security update today addressing a critical vulnerability in Windows that attackers were exploiting to install malware on unsuspecting users’ machines. The flaw, involving the ms-appinstaller URI scheme, allowed malicious actors to bypass traditional security measures and silently plant dangerous software during web browsing.

Imagine an app from a sketchy website ending up on your computer without any warning. Unfortunately, hackers found a way to do this on Windows computers without detection. Luckily, Microsoft has caught them and stopped their sneaky tactics.

The trick that these hackers used involved a hidden shortcut called “ms-appinstaller” which allowed them to sneak malware onto your PC. However, Microsoft has disabled this shortcut, which means that any apps downloaded from websites must go through a security check just like when you normally download a file.

The vulnerability stemmed from the ms-appinstaller scheme allowing websites to install apps directly using MSIX packages. Attackers crafted phishing schemes that tricked users into clicking links, triggering the installation of malware disguised as legitimate software. This bypassed local antivirus protections, putting users at risk of data theft, financial loss, and even system hijacking.

Fortunately, Microsoft acted swiftly to patch the vulnerability. On December 28th, the company rolled out an update that disables the ms-appinstaller scheme by default. This means users can no longer directly install apps from web pages. Instead, they must download the MSIX package first, which gives antivirus software a chance to scan it for threats.
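For defenders who want to see where such links still appear in saved web pages or HTML email bodies, the following sketch lists every ms-appinstaller link and the package host it points to. It is an added example, not code from Microsoft or MSPoweruser; it assumes the `ms-appinstaller:?source=<URL>` link form, and the function name, the trusted-host list and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

SCHEME = "ms-appinstaller"
URL_ATTRS = {"href", "src", "action", "data"}  # attributes that can carry a URL


class _LinkCollector(HTMLParser):
    """Collects URL-bearing attribute values from every tag."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)


def find_appinstaller_links(html, trusted_hosts=frozenset()):
    """Return one finding per ms-appinstaller link found in `html`."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for raw in collector.urls:
        # Browsers ignore tabs and newlines inside URLs, so drop them first.
        url = "".join(ch for ch in raw.strip() if ch not in "\t\r\n")
        parts = urlsplit(url)  # urlsplit lowercases the scheme
        if parts.scheme != SCHEME:
            continue
        # parse_qs percent-decodes values; parameter names are matched loosely.
        params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        source = params.get("source", [""])[0]
        host = (urlsplit(source).hostname or "").lower()
        findings.append({"link": url, "source": source, "host": host,
                         "trusted": host in trusted_hosts})
    return findings


# Constructed sample page (hosts are placeholders, not real indicators).
SAMPLE_HTML = """
<a href="https://www.example.org/docs">Docs</a>
<a href="ms-appinstaller:?source=https://pkgs.corp.example/app.msix">Install</a>
<a href="MS-AppInstaller:?Source=https%3A%2F%2Fdl.example.test%2Ftool.msix">Get</a>
"""

if __name__ == "__main__":
    for f in find_appinstaller_links(SAMPLE_HTML, {"pkgs.corp.example"}):
        print("OK  " if f["trusted"] else "FLAG", f["host"], f["source"])
```

Links whose package host is not on the trusted list are the ones worth a closer look, since the scheme itself is what let the installer run without the usual download scan.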
