According to GizChina, Microsoft stated that a vulnerability in Windows 11 and 10 could be exploited by attackers to install malware on users' devices. This vulnerability exists in the ms-appinstaller Uniform Resource Identifier (URI) scheme. Attackers could use this vulnerability to bypass standard security measures and silently install malicious software while users browse the web.
Microsoft recommends updating to the Windows 11 and 10 patches.
The vulnerability, designated CVE-2023-44234, allows attackers to exploit a weakness in Windows to install malware without user interaction. This vulnerability can lead to breaches of the security, integrity, and availability of affected systems. The vulnerability is considered critical because it allows code execution without user interaction. This can result in malware self-installation or other remote execution scenarios without warning or prompts.
To address this critical vulnerability, Microsoft has released a security patch to resolve the issue and prevent malware from installing on affected systems. Microsoft recommends applying the patch immediately, as it mitigates the risks associated with the vulnerability on Windows 11 and 10. Attackers used ms-appinstaller to hide shortcuts and secretly install malware on the victim's PC. However, Microsoft has disabled this shortcut in the recently released patch, meaning any application downloaded from a website must now pass security checks like a normal file download. The patch also helps users and IT administrators keep their devices secure.
Microsoft's release of this security patch is an important step in addressing a critical vulnerability in Windows 11 and 10. Users and IT administrators are encouraged to apply the patch immediately to protect their devices from potential malware attacks. By doing so, they can maintain system security and compliance, ensuring a safe and secure computing environment.