Microsoft plans to update all installed apps through Windows Update

A new orchestration platform will let developers update any app directly from Windows Update.

https://tefida.com/microsoft-wants-windows-update-to-handle-all-apps/

#angiechen #appx #microsoft #msix #windowspacketmanager #windowsupdate #новостиit #tefidacom

So Microsoft is preparing an Xbox-compatible handheld. This is weak.

Remember, this device UX will be crap, and its only value proposition will be as a #Bazzite powered device so Steam gains more market share. And I'm all for it.

Wake me up when they kill their Microsoft Store and their APPX for good.

https://www.windowscentral.com/gaming/xbox/xbox-hardware-report-project-keenan-next-gen-xbox-2027

#Microsoft #Videogames #Gaming #Games #XboxHandled #Handled #SteamDeck #MicrosoftStore #Appx #MicrosoftGaming

EXCLUSIVE: Xbox's new hardware plans begin with a gaming handheld set for later this year, with full next-gen consoles targeting 2027

Microsoft's first full foray into PC gaming handhelds begins with a partner device set to launch later this year, with its own Xbox Series X|S successors now fully in production.

Windows Central

Microsoft AppX (UWP) concept is OK, but good grief the technical implementation is awful!

I just spent 2 hours fixing a nonsense issue, where the InstallLocation of an app was changed to NULL due to a disk volume change and of course the App failed to start or run or even uninstall. You couldn't re-install it from the store either.

Had to scrub the registry clean with SYSTEM access to get even some control over it, but now it remains to be seen if it helped or not...
#appx #uwp #windows

Create MSI, EXE, MSIX or APPX installer for a Portable App and Submit to Microsoft Store! (Advanced Installer)

First of all, yes, Microsoft makes it hard to impossible for developers to submit and publish their apps at Microsoft Store! Saying th...

As promised, here are our #Yara rules for unsigned #appx/#msix Installer packages:

Installer: https://yaraify.abuse.ch/yarahub/rule/SUS_Unsigned_APPX_MSIX_Installer_Feb23/
Manifest: https://yaraify.abuse.ch/yarahub/rule/SUS_Unsigned_APPX_MSIX_Manifest_Feb23/

Also make sure to check out this thread by @nas_bench on Event Log/Sigma detections: https://twitter.com/nas_bench/status/1613541713741488128

YARAify | Rule SUS_Unsigned_APPX_MSIX_Installer_Feb23

YARA rule SUS_Unsigned_APPX_MSIX_Installer_Feb23 on YARAhub

Proof of Concept: #Malware Delivery via #appx/#msix packages.
In our test case we needed administrative permissions to install the package with putty.exe as our test payload.

We did test it first with a #Wannacry #Ransomware binary, but Windows Defender caught the payload and that didn't look so nice on a screenshot 😅

Our .appx demo package is based off of an in-the-wild sample of #Magniber #Ransomware that was signed with a stolen signature (Jan 2022). With this change in Windows 11 it is now possible to install unsigned appx packages (given required perms).
https://twitter.com/f0wlsec/status/1481338661824307204

Detection opportunities:
- Execution out of C:\Program Files\WindowsApps\
- Looking for the special OID documented by Microsoft here: https://learn.microsoft.com/en-us/windows/msix/package/unsigned-package

We are going to publish our #Yara rules for this tomorrow, stay tuned.

Marius 'f0wL' Genheimer on Twitter

“The .appx file can only be installed if the system is set to the "Sideloading" or "Developer" mode. Since the error message is pretty clear most victims would probably still enable it though. Sample: e2d3af7acd9bb440f9972b192cbfa83b07abdbb042f8bf1c2bb8f63944a4ae39”

Twitter
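A static triage check for the second detection opportunity in the post above, written as an added example (it is not the authors' YARA rule or code from the post). It assumes the package is a ZIP holding `AppxManifest.xml` and, when signed, `AppxSignature.p7x`, and that the unsigned-package marker is the publisher OID string given in the linked Microsoft documentation; the function names and the sample packages are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Publisher marker that Microsoft documents for unsigned MSIX/APPX packages.
UNSIGNED_OID = "OID.2.25.311729368913984317654407730594956997722=1"
SIGNATURE_PART = "AppxSignature.p7x"


def triage_package(data: bytes) -> dict:
    """Return signature-related findings for an .appx/.msix given as bytes."""
    findings = {"has_signature": False, "unsigned_oid": False,
                "publisher": None, "executables": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        findings["has_signature"] = SIGNATURE_PART in names
        if "AppxManifest.xml" not in names:
            findings["suspicious"] = True  # not a well-formed package
            return findings
        root = ET.fromstring(pkg.read("AppxManifest.xml"))
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        if tag == "Identity":
            findings["publisher"] = elem.get("Publisher")
        elif tag == "Application" and elem.get("Executable"):
            findings["executables"].append(elem.get("Executable"))
    findings["unsigned_oid"] = UNSIGNED_OID in (findings["publisher"] or "")
    findings["suspicious"] = findings["unsigned_oid"] or not findings["has_signature"]
    return findings


def build_sample(publisher: str, signed: bool) -> bytes:
    """Build a constructed, minimal package in memory for the demo."""
    manifest = (
        '<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">'
        f'<Identity Name="Example.Demo" Publisher="{publisher}" Version="1.0.0.0"/>'
        '<Applications><Application Id="App" Executable="demo.exe"/></Applications>'
        '</Package>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        if signed:
            z.writestr(SIGNATURE_PART, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_package(build_sample(f"CN=Example, {UNSIGNED_OID}", signed=False)))
```

The check only records whether a signature part is present; it does not validate the signature, so a package signed with a stolen certificate, like the Magniber sample mentioned in the post, still needs certificate and reputation checks.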
MobSF
Mobile Security Framework (#MobSF) is a complete, automated application (#Android/#iOS/#Windows) for carrying out penetration testing, #malware analysis and security assessment of mobile #APP packages. The #opensource system can perform static and dynamic analysis, supports binaries such as #APK, #XAPK, #IPA and #APPX along with source code, and provides REST APIs for integration and automation within your CI/CD or #DevSecOps pipeline.
https://www.redhotcyber.com/post/programmi-hacker-mobsf
Hacker tools: MobSF, an open source tool for analysing mobile apps.

In this article we look at MobSF, an open source application for analysing mobile apps through static and dynamic scans.

RedHotCyber
For the record and in an attempt to contribute to the world's knowledge of holes in Microsoft documentation:

At least the way I did it, for in-process plugins, you need to create the MSIX packages using makeappx and manifests written/edited from a template by you, not generated by Visual Studio or something (copy your AppxManifest.xml file into the directory with your payload files (which has to include all the stuff your application needs to run and any bits like images referenced in the manifest) and run makeappx pack /d InputDirectory /p OutputPackageFile.msix, then use signtool sign to add a signature). The plugins need a <MainPackageDependency> pointing to the main app, and the main app needs to use Windows.ApplicationModel.Package.Current.Dependencies to get the plugin packages and Package.InstalledLocation to find their base directories so you can actually load from them.

It might totally be possible to use Visual Studio's MSIX generation or some third-party thing but I gave up on it after fighting it for a while.

For a .NET non-UWP application like mine, you need to use one of the Windows build-number-specific Target Framework Monikers for .NET 5+, e.g. net5.0-windows10.0.19041.0 (for earlier .NET or C++ or whatever you're sort of on your own since I didn't have to do that, but that page might say and if not look for something about Universal Windows contracts) to get access to Windows.ApplicationModel.

It's not really absurdly complicated but the documentation is not good.

#MSIX #AppX #plugin #plugins #dotnet #Microsoft #Windows #UWP #WindowsStore
Call Windows Runtime APIs in desktop apps - Windows apps

Enhance your desktop application for Windows 10 users by using Windows Runtime APIs.