How to fix cve-2021-43890

Microsoft recently published the vulnerability CVE-2021-43890, which is currently exploited by malware such as Emotet/Trickbot/Bazaloader.

If your computer doesn’t have access to the Store, it may not be that straightforward to install the fixed universal app for all users of a Windows 10 computer.

If the computer is not vulnerable, the script below will say “Current Microsoft.DesktopAppInstaller appx version is not vulnerable”.

If it installed the required patched universal app, it’ll say “Successfully provisionned Microsoft.DesktopAppInstaller”.

You can run the code in a scheduled task running under the System account. Any user that has an interactive session open will get the new Appx in their account.

If there’s a local user profile but the user is not logged on, that user will automatically get the updated Appx after an interactive logon.

#Requires -RunAsAdministrator
[CmdletBinding()]
Param()
Begin {}
Process {
    # Only act when the installed App Installer is older than the fixed version
    if ([version]'1.16.13405.0' -gt [version](Get-AppxPackage -Name 'Microsoft.DesktopAppInstaller' -ErrorAction SilentlyContinue).Version) {
        $zip = (Join-Path -Path $env:TEMP -ChildPath 'Microsoft.DesktopAppInstaller_1.16.13405.0_8wekyb3d8bbwe.zip')
        $zipFolder = "$($zip -replace '\.zip','')"
        # Download the offline package unless it is already in %TEMP%
        if (-not(Test-Path -Path $zip)) {
            $HT = @{
                Uri = 'https://download.microsoft.com/download/6/6/8/6680c5b1-3fbe-4b70-8189-90ea08609563/Microsoft.DesktopAppInstaller_1.16.13405.0_8wekyb3d8bbwe.zip'
                UseBasicParsing = $true
                ErrorAction = 'Stop'
                OutFile = $zip
            }
            try {
                Invoke-WebRequest @HT
            } catch {
                Write-Warning -Message "Failed to download zip because $($_.Exception.Message)"
            }
        }
        if (Test-Path -Path $zip) {
            # Check the SHA256 of the download before extracting anything
            if ((Get-FileHash -Path $zip -Algorithm SHA256).Hash -eq 'e79cea914ba04b953cdeab38489b3190fcc88e566a43696aaefc0eddba1af6ab' ) {
                try {
                    Expand-Archive -Path $zip -DestinationPath (Split-Path $zipFolder -Parent) -Force -ErrorAction Stop
                } catch {
                    Write-Warning -Message "Failed to unzip because $($_.Exception.Message)"
                }
                # Every extracted file (XML excluded) must carry a valid Authenticode signature;
                # one valid file among invalid ones is not enough
                $status = @(Get-ChildItem -Path "$($zipFolder)\*" -Include * -Recurse -Exclude '*.xml' |
                    Get-AuthenticodeSignature | Select-Object -ExpandProperty Status | Sort-Object -Unique)
                if ($status.Count -eq 1 -and $status[0] -eq 'Valid') {
                    $HT = @{
                        Online = $true
                        PackagePath = Join-Path -Path $zipFolder -ChildPath 'Microsoft.DesktopAppInstaller_1.16.13405.0_8wekyb3d8bbwe.msixbundle'
                        SkipLicense = $true
                        ErrorAction = 'Stop'
                    }
                    try {
                        # Provision the bundle into the running OS so that every user receives it
                        $r = Add-AppxProvisionedPackage @HT
                        if ($r.Online) {
                            Write-Verbose 'Successfully provisionned Microsoft.DesktopAppInstaller' -Verbose
                        }
                    } catch {
                        Write-Warning -Message "Failed to install Appx because $($_.Exception.Message)"
                    }
                }
            } else {
                Write-Warning -Message "Downloaded zip file thumbprint (SHA256) doesn't match"
            }
        } else {
            Write-Warning -Message "Zip file $($zip) not found"
        }
    } else {
        Write-Verbose -Message 'Current Microsoft.DesktopAppInstaller appx version is not vulnerable' -Verbose
    }
}
End {}
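
To check the per-user behaviour described above (logged-on users receive the new Appx, other profiles receive it at their next interactive logon), the following added example, which is not part of the original script, lists for each user whether the registered App Installer version is still below 1.16.13405.0. It assumes an elevated session; the variable names and report layout are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): report, per user, whether the
# registered App Installer version is still below the fixed version.
$fixed = [version]'1.16.13405.0'    # fixed version the script above installs
$name  = 'Microsoft.DesktopAppInstaller'

# -AllUsers returns one object per package version; PackageUserInformation lists
# the users each version is registered for (SID, user name, install state).
$rows = foreach ($pkg in Get-AppxPackage -AllUsers -Name $name) {
    foreach ($info in $pkg.PackageUserInformation) {
        [pscustomobject]@{
            Sid          = "$($info.UserSecurityId.Sid)"
            User         = "$($info.UserSecurityId.Username)"
            InstallState = "$($info.InstallState)"
            Version      = [version]$pkg.Version
        }
    }
}

# A user can appear under several versions (for example an old one left staged),
# so judge each SID by the highest version that is actually installed.
$report = $rows | Where-Object InstallState -eq 'Installed' | Group-Object Sid | ForEach-Object {
    $best = $_.Group | Sort-Object Version -Descending | Select-Object -First 1
    [pscustomobject]@{
        User       = $best.User
        Sid        = $best.Sid
        Version    = $best.Version
        Vulnerable = ($best.Version -lt $fixed)
    }
}

if (-not $report) {
    Write-Warning "No user has $name installed; nothing to compare."
} else {
    $report | Sort-Object Vulnerable -Descending | Format-Table -AutoSize
    $stale = @($report | Where-Object Vulnerable)
    if ($stale.Count) {
        Write-Warning "$($stale.Count) user(s) still below $fixed (expected until their next interactive logon)."
    }
}
```

Profiles that have never registered the package do not appear in this report at all.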

3 thoughts on “How to fix cve-2021-43890

  1. Hello,
    How did you get the download location below
    Uri = ‘https://download.microsoft.com/download/6/6/8/6680c5b1-3fbe-4b70-8189-90ea08609563/Microsoft.DesktopAppInstaller_1.16.13405.0_8wekyb3d8bbwe.zip’
    It should help to patch offline a similar problem with March 2022 store appx vulnerabilities
    cve-2022-24451 and cve-2022-24453
