Forum Discussion
The ms-appinstaller protocol has been disabled.
- Dec 15, 2021
bvenhaus Thank you for your question. We removed the ms-appinstaller custom scheme due to a security vulnerability. We do intend to bring this back, and are working on it. For now, you can update the link on your website by removing 'ms-appinstaller:?source='
<html> <body> <h1> MyApp Web Page </h1> <a href="http://mywebservice.azureedge.net/HubApp.msix"> Install app package </a> <a href="http://mywebservice.azureedge.net/HubAppBundle.msixbundle"> Install app bundle </a> <a href="http://mywebservice.azureedge.net/HubAppSet.appinstaller"> Install related set </a> </body> </html>
https://msrc.microsoft.com/submission/VULN-058721
The security team declined to investigate the issue, citing this thread as the official guidance.
If you have a support channel through MSFT from your business, please open and escalate an issue. It doesn't feel like the people engaged in this conversation realize the implication of their actions and I haven't yet found someone to take responsibility for fixing it.
---
Received via email:
Hello Jay,
Thank you for contacting the Microsoft Security Response Center (MSRC). We appreciate the time taken to submit this issue.
We are aware of the issue you have reported regarding the MSIX installer. While this issue doesn't meet the definition of a vulnerability that MSRC can help with, we are aware that the issue is being supported through the following resources:
<"https://docs.microsoft.com/en-us/windows/msix/app-installer/installing-windows10-apps-web"> -> "The ms-appinstaller scheme(protocol) has been disabled."
and
<"https://techcommunity.microsoft.com/t5/msix-deployment/the-ms-appinstaller-protocol-has-been-disabled/m-p/3038361"> where Aditi_Narvekar from Microsoft has replied.
and you may also contact support for more information:
Contact Us - Microsoft Support
We have also shared your feedback with the engineering team who own the ms-appinstaller scheme(protocol).
As such, this MSRC thread is being closed and no longer monitored. We apologize for any inconvenience this may have caused. More information on reporting a security vulnerability can be found at <"https://www.microsoft.com/msrc/faqs-report-an-issue.">
Regards,
Duncan 
MSRC