Jump to content
  • Microsoft patches critical vulnerability used to install malware on Windows PCs

    Karlston

    • 1 comment
    • 575 views
    • 2 minutes
     Share


    • 1 comment
    • 575 views
    • 2 minutes

    Microsoft released a security update today addressing a critical vulnerability in Windows that attackers were exploiting to install malware on unsuspecting users’ machines. The flaw, involving the ms-appinstaller URI scheme, allowed malicious actors to bypass traditional security measures and silently plant dangerous software during web browsing.

     

    Have you ever imagined downloading an app from a sketchy website? Unfortunately, hackers have found a way to do this on Windows computers without detection. Luckily, Microsoft has caught them and stopped their sneaky tactics.

     

    The trick that these hackers used involved a hidden shortcut called “ms-appinstaller” which allowed them to sneak malware onto your PC. However, Microsoft has disabled this shortcut, which means that any apps downloaded from websites must go through a security check just like when you normally download a file.

     

    The vulnerability stemmed from the ms-app installer scheme allowing websites to install apps using MSIX packages directly. Attackers crafted phishing schemes that tricked users into clicking links, triggering the installation of malware disguised as legitimate software. This bypasses local antivirus protections, putting users at risk of data theft, financial loss, and even system hijacking.

     

    Fortunately, Microsoft acted swiftly to patch the vulnerability. On December 28th, the company rolled out an update that disables the ms-appinstaller scheme by default. This means users can no longer directly install apps from web pages, forcing them to download the MSIX package first, giving antivirus software a chance to scan it for threats.

     

    More here.

     

    Source

    • Like 2

    User Feedback

    Recommended Comments



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...