Hello everyone,
I need some help here at work. Recently, the information security team identified a vulnerability related to our Windows 10/11 endpoint devices.
CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability
The issue involves updating Microsoft.DesktopAppInstaller to the latest version. Okay, the update itself wouldn’t be a problem and usually occurs without issues. The problem arises in relation to other users’ Microsoft.DesktopAppInstaller, specifically during the query:
Get-AppPackage -Allusers -Name "Microsoft.DesktopAppInstaller"
When we try to execute the command:
Get-AppxPackage -AllUsers | Where-Object {$_.PackageFullName -like "Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe"} | Remove-AppxPackage -AllUsers
or
Remove-AppPackage -Package "Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe" -AllUsers
we receive the error:
C:\WINDOWS\system32> Remove-AppxPackage : An error occurred because a user was logged out.
Deployment Remove operation failed with target volume C: in Package
PS C:\WINDOWS\system32> Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe: with error 0x80073D19. Consult
Troubleshooting packaging, deployment, and query of Windows apps - Win32 apps | Microsoft Learn for help diagnosing deployment issues.
applications.
On line:1 character:134
+ … aller_1.0.30251.0_x64__8wekyb3d8bbwe"} | Remove-AppxPackage -AllUsers
+
+ CategoryInfo : NotSpecified: ( [Remove-AppxPackage], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.Windows.Appx.PackageManager.Commands.RemoveAppxPackageCommand
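
The all-users query above, expanded into a per-user inventory that shows which profiles still reference each installed version of the package. This is an added example, not part of the original post; `$MinimumVersion` is a placeholder to be replaced with the fixed version named in your advisory, and the script assumes an elevated PowerShell session.

```powershell
# Added example: inventory Microsoft.DesktopAppInstaller per user profile.
# Run from an elevated session; -AllUsers requires administrator rights.
$PackageName    = 'Microsoft.DesktopAppInstaller'
$MinimumVersion = [version]'0.0.0.0'   # PLACEHOLDER: set to the fixed version from your advisory

$packages = @(Get-AppxPackage -AllUsers -Name $PackageName)

$report = foreach ($pkg in $packages) {
    $outdated = ([version]$pkg.Version) -lt $MinimumVersion
    $users    = @($pkg.PackageUserInformation)

    if ($users.Count -eq 0) {
        # No profile references this package version; record it anyway.
        [pscustomobject]@{
            PackageFullName = $pkg.PackageFullName
            Version         = [version]$pkg.Version
            Outdated        = $outdated
            UserName        = '(none listed)'
            UserSid         = $null
            InstallState    = $null
        }
        continue
    }

    # One row per user profile that references this package version.
    foreach ($info in $users) {
        [pscustomobject]@{
            PackageFullName = $pkg.PackageFullName
            Version         = [version]$pkg.Version
            Outdated        = $outdated
            UserName        = $info.UserSecurityId.Username
            UserSid         = $info.UserSecurityId.Sid
            InstallState    = $info.InstallState
        }
    }
}

# Full inventory, oldest version first.
$report | Sort-Object Version, UserName | Format-Table -AutoSize

# Versions below the threshold and how many profiles still reference each.
$report | Where-Object Outdated |
    Group-Object PackageFullName |
    Select-Object @{ n = 'PackageFullName'; e = { $_.Name } },
                  @{ n = 'Profiles';        e = { $_.Count } } |
    Format-Table -AutoSize
```

The script only reads package state and changes nothing on the endpoint.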