
Is the MSIX Package Support Framework Safe? A Defensive Security Analysis

Technical Article

My new research paper gives the MSIX Package Support Framework a defensive security review: a threat model, benign local validation, and an enterprise mitigation framework.



The Package Support Framework (PSF) is how most teams get legacy Win32 applications running inside MSIX. It is genuinely useful. It is also a full-trust layer that can run code before the user ever sees the application, and most packaging pipelines treat it as a routine default rather than a security decision.

So I asked a simple question: how much additional risk does PSF actually introduce in full-trust and App Attach environments, and which controls contain it without losing the compatibility value?

I have written up the answer as a new research paper.

📄 Read the full paper (open access, CC BY 4.0): A Defensive Security Analysis of the MSIX Package Support Framework

What you will find in it

The paper is a defensive analysis, not an exploit guide. It includes a threat model that pinpoints exactly where attacker-controlled content can enter a PSF-enabled package, a benign marker-only validation harness that tests those trust boundaries, App Control for Business (WDAC) and package-integrity results, App Attach lifecycle findings, and a 16-point enterprise mitigation framework and release-gate checklist. Every claim is graded by evidence level so nothing is overstated.

The short version of the conclusion is that PSF is not inherently unsafe, but it should be treated as a trusted, full-trust compatibility layer rather than a packaging default. The most important risk is not a user editing an installed package; it is content that enters the package before it is signed. The paper shows why, with the evidence behind it.
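One way to act on that conclusion in a packaging pipeline, as an added example that is not taken from the paper or its validation harness: before signing, list every script and fixup DLL that the staged package's PSF `config.json` references and fail the build unless each file's hash is on an approved list. The function names, the allowlist format and the sample files are assumptions made for this sketch, and matching by file name is a simplification of how PSF resolves paths.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def psf_references(config: dict) -> set:
    """Names of scripts and fixup DLLs that config.json tells PSF to run or load."""
    names = set()
    for app in config.get("applications", []):
        for key in ("startScript", "endScript"):
            path = (app.get(key) or {}).get("scriptPath")
            if path:
                names.add(Path(path.replace("\\", "/")).name.lower())
    for proc in config.get("processes", []):
        for fixup in proc.get("fixups", []):
            if fixup.get("dll"):
                names.add(fixup["dll"].lower())
    return names

def presign_gate(staging: str, approved: dict) -> list:
    """Return findings for a staged package; an empty list means the gate passes."""
    # `approved` maps lower-case file name -> SHA-256 (hypothetical allowlist format).
    root = Path(staging)
    config = json.loads((root / "config.json").read_text(encoding="utf-8-sig"))
    findings = []
    for name in sorted(psf_references(config)):
        stem, ext = Path(name).stem, Path(name).suffix
        # Simplification: match by file name anywhere in the tree, also accepting
        # the 32/64-suffixed variants used for fixup DLLs.
        wanted = {name, f"{stem}32{ext}", f"{stem}64{ext}"}
        hits = [p for p in root.rglob("*") if p.is_file() and p.name.lower() in wanted]
        if not hits:
            findings.append(f"referenced but not staged: {name}")
        for p in hits:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            if approved.get(p.name.lower()) != digest:
                findings.append(f"not on allowlist: {p.relative_to(root).as_posix()}")
    return findings

def demo() -> list:
    """Constructed sample: one approved fixup DLL, one start script nobody approved."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "TraceFixup64.dll").write_bytes(b"constructed fixup bytes")
        (root / "start.ps1").write_text("# constructed marker script\n")
        (root / "config.json").write_text(json.dumps({
            "applications": [{"id": "App", "startScript": {"scriptPath": "start.ps1"}}],
            "processes": [{"executable": "app", "fixups": [{"dll": "TraceFixup.dll"}]}]}))
        ok = hashlib.sha256(b"constructed fixup bytes").hexdigest()
        return presign_gate(tmp, {"tracefixup64.dll": ok})
```

Run as the last step before signing, a non-empty result means something PSF will execute or load entered the staging tree without review.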

If you package applications, run Azure Virtual Desktop App Attach at scale, or own application control policy, it was written for you.

📄 Read it here: https://doi.org/10.5281/zenodo.20497114

If you reproduce any of it, or think I have a boundary wrong, I want to hear about it. That is the point of publishing openly.
