"🚨 Windows App Installer Vulnerability: A New Twist in Cybersecurity 🚨"

Microsoft has temporarily disabled the MSIX ms-appinstaller protocol handler in Windows due to security concerns. This action was taken because malicious groups, like the Sangria Tempest group (also known as FIN7), were using it to distribute malware. This vulnerability, known as CVE-2021-43890, was exploited through phishing and malicious ads, often resulting in ransomware attacks. These attacks were able to bypass Defender SmartScreen and browser security warnings. Microsoft initially disabled this handler in February 2022 to counter Emotet attacks and has now decided to disable it again due to ongoing misuse by financially motivated threat groups.

The MSIX ms-appinstaller protocol handler is an important part of the MSIX package format. It simplifies the process of installing Windows applications directly from a URL, making it easier for developers and users. MSIX is a modern app package format for Windows that combines the best features of MSI, .appx, App-V, and ClickOnce installation technologies. Its main goal is to help developers package and distribute their applications efficiently and reliably, ensuring compatibility.

For more on CVE-2021-43890: Microsoft Advisory
For details on FIN7: MITRE - FIN7

Tags: #CyberSecurity #WindowsVulnerability #MSIX #ProtocolHandler #Malware #Ransomware #Phishing #ThreatIntelligence #SangriaTempest #FIN7 #MicrosoftSecurity

Sources:

Security Update Guide - Microsoft Security Response Center

@amaz1ng @RegierungBW @strohfelder @EC_NGI @itteam

One possibility for sharing buttons for Mastodon is to advocate for a URL scheme like `mastodon://` or better `activitypub://` and bring support for it to all major browsers and mobile terminal devices!

See discussion here: https://github.com/mastodon/mastodon/issues/19679#issuecomment-1301180085

#URLScheme #ProtocolHandler #MastoDev

Use web-based protocol handlers to make following across instances easier · Issue #19679 · mastodon/mastodon

Pitch: Use web-based protocol handlers to automatically direct follow requests to the user's instance. When the User logs in to their instance for the first time, they are given an opportunity to reg...


RT @ThaUnknown_@twitter.com

@ChromiumDev@twitter.com check out my view on the future of #PWA's with https://github.com/ThaUnknown/pwa-haven. The goal is to have PWA's replace as many simple native apps as possible

#FileHandling #FileSystemAccess #LaunchHandler #URLHandlers #ProtocolHandler #DeclarativeLinkCapturing #WASM #P2P #WebRTC

๐Ÿฆ๐Ÿ”—: https://twitter.com/ThaUnknown_/status/1493030242558132228

GitHub - ThaUnknown/pwa-haven: Collection of small, fast, simple PWA's to replace native OS apps.


📢 Let installed PWAs handle links 🔗 that use a specific protocol (like `bitcoin://` or `web+coffee://`) for a more integrated experience: URL protocol handler registration for PWAs!
@tomayac has summarized everything you need to know!
#ProtocolHandler
https://web.dev/url-protocol-handler/

 https://twitter.com/ChromiumDev/status/1392019338992013315

URL protocol handler registration for PWAs

After registering a PWA as a protocol handler, when a user clicks on a hyperlink with a specific scheme such as mailto, bitcoin, or web+music from a browser or a platform-specific app, the registered PWA will open and receive the URL.

RT @ChromiumDev@twitter.com

📢 Let installed PWAs handle links 🔗 that use a specific protocol (like `bitcoin://` or `web+coffee://`) for a more integrated experience: URL protocol handler registration for PWAs!

https://web.dev/url-protocol-handler/

@tomayac@twitter.com has summarized everything you need to know!
#ProtocolHandler

๐Ÿฆ๐Ÿ”—: https://twitter.com/ChromiumDev/status/1392019338992013315
