When it comes to cybersecurity solutions, PC users with Windows 10 swear by the name Microsoft Defender. However, that does not mean the antivirus solution is free of flaws.
According to numerous reports, Microsoft recently patched a serious bug in its software that put millions of its users at risk. What’s even more surprising is that the company did not detect the vulnerability for the past 12 years.
What is the vulnerability?
Microsoft Defender is responsible for finding vulnerabilities and malware on the system, and it sets aside the files that do not pose a great threat. This is done to make sure that certain programs do not crash. This security flaw was discovered by a security solutions company called SentinelOne. The researchers found that the vulnerability was located in a driver file that the antivirus uses to get rid of malware.
When Defender removes a malicious file, it replaces the affected file with a new one. However, researchers discovered that Windows Defender does not specifically verify that new file. This could allow a hacker to insert a malicious link that directs the driver to overwrite the wrong file or even run malicious software.
This way, the antivirus solution would be at the mercy of attackers who could manipulate the software inside. An attacker could not only delete sensitive data on the computer but also run their own code on the device to take control.
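The link-following overwrite described above, shown as a POSIX analogy in Python with the weak file open beside a hardened one. This is an added example, not Defender's driver code or SentinelOne's; the function names, file names and data are constructed for illustration.

```python
import os
import tempfile


def replace_unsafe(path, data):
    # Weak form: open() follows a link at `path`, so the write
    # lands on whatever file the link points to.
    with open(path, "wb") as f:
        f.write(data)


def replace_safe(path, data):
    # Hardened form: O_EXCL makes creation fail if anything (a link
    # included) already exists at `path`; O_NOFOLLOW refuses a link
    # in the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def demo():
    # Constructed scenario: `slot` is where a privileged cleaner writes
    # its replacement file; `protected` is a file it must never touch.
    results = {}
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.cfg")
        slot = os.path.join(d, "replacement.tmp")
        for name, fn in (("unsafe", replace_unsafe), ("safe", replace_safe)):
            with open(protected, "wb") as f:
                f.write(b"original")
            os.symlink(protected, slot)  # link already present at the slot
            try:
                fn(slot, b"placeholder")
                outcome = "written"
            except OSError:
                outcome = "refused"
            finally:
                os.unlink(slot)
            with open(protected, "rb") as f:
                results[name] = (outcome, f.read())
    return results


if __name__ == "__main__":
    print(demo())
```

The weak version reports the protected file overwritten, while the hardened version refuses the write and leaves the original content in place.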
“This bug allows privilege escalation,” said Kasif Dekel, senior security researcher at SentinelOne. “Software that’s running under low privileges can elevate to administrative privileges and compromise the machine.”
Since Windows Defender is on millions of computers, fixing this vulnerability was a high priority for the company.
The report also said that not everyone can reach the vulnerability to exploit it. The attacker would need either local or remote access to the device. It’s a good thing Windows has already fixed the issue. To make sure that your system is not vulnerable to this flaw, install the latest Windows security patch, released February 9, by enabling the automatic updates option.