How to fix the Windows AppX Installer Spoofing Vulnerability with Vulnerability Manager Plus*

*- This also applies to the Vulnerability Management add-on to Desktop Central.  

 

 

The Windows AppX Installer Spoofing Vulnerability (CVE-2021-43890) was disclosed on December 14, 2021. The mitigation and workarounds for this vulnerability can be found in the security advisory released by Microsoft.

 

Vulnerability Manager Plus scans all managed endpoints and discovers those with this vulnerability. However, an endpoint may have multiple user accounts, and those accounts might run different versions of this application, only some of which contain the vulnerability in question. Vulnerability Manager Plus currently does not differentiate between accounts or explicitly name the user account with the vulnerability. Instead, it identifies the endpoint itself as vulnerable even if only one user account contains the vulnerability.

 

To identify the exact user account that runs the affected version of the application, follow these steps:

 

1. Open PowerShell as administrator on the affected endpoint.

2. Run the following command:

Get-AppxPackage -AllUsers -Name Microsoft.DesktopAppInstaller

3. Refer to the PackageUserInformation and Version columns of the output to see which user accounts run the affected version of the application.
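The steps above can be scripted so that each user account appears on its own row with its install state and version. This is an added example, not ManageEngine or Microsoft code; the function name Get-AppInstallerUserReport and its -FixedVersion parameter are hypothetical, and the fixed version must be taken from Microsoft's advisory because this page does not state it.

```powershell
# Added example: per-user report for Microsoft.DesktopAppInstaller.
# Run from an elevated PowerShell session (-AllUsers requires administrator rights).
function Get-AppInstallerUserReport {
    [CmdletBinding()]
    param(
        # Assumption: first fixed version for this OS build, supplied by the
        # operator from Microsoft's advisory (not given on this page).
        [Parameter(Mandatory)]
        [version]$FixedVersion
    )

    # One package object is returned per installed or staged version/architecture.
    $packages = Get-AppxPackage -AllUsers -Name Microsoft.DesktopAppInstaller

    foreach ($pkg in $packages) {
        $pkgVersion = [version]$pkg.Version

        # PackageUserInformation holds one entry per user account that has
        # this specific package version registered or staged.
        foreach ($info in $pkg.PackageUserInformation) {
            [pscustomobject]@{
                UserName     = $info.UserSecurityId.Username
                Sid          = $info.UserSecurityId.Sid
                # Installed vs. Staged: staged copies are visible here as well.
                InstallState = $info.InstallState
                Version      = $pkgVersion
                Architecture = $pkg.Architecture
                # True when this copy is older than the fixed version.
                BelowFixed   = ($pkgVersion -lt $FixedVersion)
            }
        }
    }
}

# Usage (replace the placeholder with the version from Microsoft's advisory):
# Get-AppInstallerUserReport -FixedVersion <fixed-version-from-advisory> |
#     Sort-Object BelowFixed -Descending |
#     Format-Table -AutoSize
```

Rows with BelowFixed set to True identify the accounts that still need the update; the InstallState column shows whether that copy is installed or only staged.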

 

Note: Vulnerability Manager Plus does not discover this vulnerability in the application if it is still in the staged state. The vulnerability will only be identified after the application moves from the staged state to the installed state. Refer to these advisories from Microsoft for further information regarding the staged state: