PT-2021-6408 · Microsoft · Windows +1

Andrew Brandt +2 · Published 2021-11-16 · Updated 2026-02-24 · CVE-2021-43890

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft App Installer versions prior to 1.21.3421.0

Description

The issue is related to a spoofing vulnerability in the AppX installer that affects Microsoft Windows. This vulnerability can be exploited by attackers using specially crafted packages that include malware, such as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns, and users with administrative user rights are more impacted than those with fewer user rights. Microsoft has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For versions prior to 1.21.3421.0, update the App Installer to build 1.21.3421.0 or greater. As a temporary workaround, consider disabling the ms-appinstaller protocol handler to minimize the risk of exploitation. Restrict access to the ms-appinstaller URI scheme to protect the system from this vulnerability. Avoid using the ms-appinstaller protocol handler until the issue is resolved.
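
A host audit for the two recommendations above, added here as an example and not part of the original advisory. It compares the installed App Installer build against 1.21.3421.0 and reports whether the protocol handler is disabled by policy; the package name `Microsoft.DesktopAppInstaller` and the `EnableMSAppInstallerProtocol` Group Policy registry value are assumptions that do not appear in the advisory text.

```powershell
# Added example: audit one host for the two mitigations named in the advisory.
# Assumptions (not from the advisory): the package name and the policy value below.
$FixedVersion = [version]'1.21.3421.0'   # fixed build stated in the advisory
$PackageName  = 'Microsoft.DesktopAppInstaller'
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller'
$PolicyName   = 'EnableMSAppInstallerProtocol'

function Test-AppInstallerExposure {
    # -AllUsers needs an elevated session; different users can hold different builds.
    $packages = @(Get-AppxPackage -AllUsers -Name $PackageName -ErrorAction Stop)

    # Policy value 0 means the handler is disabled; a missing value means the
    # policy is not configured, so the handler state is not enforced.
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
                   -ErrorAction SilentlyContinue).$PolicyName
    $handlerDisabled = ($null -ne $policy) -and ($policy -eq 0)

    if ($packages.Count -eq 0) {
        # No App Installer package registered for any user on this host.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Package = $null; Version = $null
            Patched  = $null; HandlerDisabledByPolicy = $handlerDisabled
            Status   = 'NOT_INSTALLED'
        }
    }

    foreach ($pkg in $packages) {
        $installed = [version]$pkg.Version
        $patched   = $installed -ge $FixedVersion

        # An unpatched build with the handler disabled is mitigated, not fixed.
        if ($patched)             { $status = 'OK' }
        elseif ($handlerDisabled) { $status = 'MITIGATED' }
        else                      { $status = 'VULNERABLE' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.PackageFullName
            Version  = $installed
            Patched  = $patched
            HandlerDisabledByPolicy = $handlerDisabled
            Status   = $status
        }
    }
}

Test-AppInstallerExposure | Format-Table -AutoSize
```

Hosts reported as `MITIGATED` still need the update to build 1.21.3421.0 or greater, since the workaround is described as temporary.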

Exploit

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

BDU:2022-01515
CVE-2021-43890

Affected Products

Apkinstaller
Windows