Microsoft has disabled the ms-appinstaller protocol handler by default after it found new evidence of hackers using it to deploy malware.
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” Microsoft said in a new security advisory.
Furthermore, the Redmond giant saw hackers on the dark web selling malware kits that use the MSIX file format and the ms-appinstaller protocol handler.