January 3, 2024 at 07:07PM
Microsoft disabled the ms-appinstaller URI scheme due to its misuse by threat actors to install malware. The scheme was re-enabled on August 5, 2022, for some enterprise customers. However, its abuse allowed bypassing of Microsoft’s security checks. Microsoft is revoking abused code signing certificates and advising updates and policy changes for affected customers.
From the meeting notes, key takeaways include:
– Microsoft disabled the ms-appinstaller URI scheme due to abuse by miscreants to distribute malware.
– The company later re-enabled the protocol with certain measures in place to address the security issues.
– Microsoft is working with certificate authorities to revoke abused code signing certificates used by malware.
– Customers are advised to update App Installer and set the desired group policy to mitigate potential security risks.
If you need further details or clarifications on any of these points, do let me know.