[BUG] MISX unable to perform auto update for packaged Enterprise application due to CVE-2021-43890 security update

[ChrisMyrick]

Project MSIX SDK

Describe the bug The appinstaller protocol has been intentionally disabled by a Microsoft update to address security issues described in CVE-2021-43890. The appinstaller protocol is necessary for the MSIX tooling to be able to check for updates posted to a web app url (in our case, built in Azure Devops CD automation which delivers package to Azure web app location defined in the MSIX package).

When MSIX attempts to check for an update, the following information is presented to the user -

Temp Work Around We will manually retrieve the updates being built via continuous delivery and automate pushing it to end users on a set schedule.

[anarvekar-msft]

Hi @ChrisMyrick, thank you for your question. To obtain updated packages, the work around right now can't use the ms-appinstaller. See https://github.com/MicrosoftDocs/msix-docs/issues/282

[ChrisMyrick]

Hi,

To be clear, this bug report is not a question. I am informing you that MSIX auto updates is effectively broken and needs resolution ASAP. More info and scope of issue here - https://techcommunity.microsoft.com/t5/msix/the-ms-appinstaller-protocol-has-been-disabled/m-p/3038361#M2803