Microsoft Defender vulnerability allows malware nesting

Microsoft’s own virus scanner repeatedly takes the top spot in expert tests. Now a nasty security flaw in Microsoft Defender lets malware slip onto PCs and notebooks unnoticed.

Microsoft Defender vulnerability on Windows 10

The Microsoft Defender security flaw comes down to overly permissive access rights. It allows malware to hide from the virus scanner and thus infect PCs and notebooks.

With a simple command, every logged-in user can read the list of scan exceptions of the Microsoft virus scanner. If malware is placed in one of the excluded directories, it becomes invisible to threat scanning.

IT security researcher Antonio Cocomazzi from SentinelOne reported the vulnerability via Twitter. It is not possible to say for sure whether this is already being actively exploited.

https://twitter.com/splinter_code/status/1481073265380581381

The flaw affects not only local exception rules on individual systems, but also Windows domains where scan exceptions are defined via group policies. Windows 10 21H1 and 21H2 are affected, while Windows 11 does not have the Microsoft Defender vulnerability.

Paul Bolten had already reported the vulnerability via Twitter in May 2021, but it has still not been closed.

Easy game

The read rights granted to all users, or “Authenticated Users”, make it easy for malware to gain access to the PC. However, with a little more effort, professional attackers can also hide malware from third-party antivirus solutions without using the scanning exceptions.

Antivirus vendors regularly provide new signatures and heuristic methods, but these are usually circumvented within a few minutes. A customized version of the malware then has an easy time again. The Microsoft Defender security vulnerability makes this step unnecessarily simple.

How to fix the vulnerability

Experienced users can check and adjust the permissions themselves with the registry editor regedit. The relevant key can be found under the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions

It is unclear whether Microsoft will be able to address and fix the problem with an update.
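The permission check described above can also be scripted. The following PowerShell function is an added example, not code from the article or from Microsoft: it lists every principal that holds read access to the exclusions key apart from a short allow-list. The function name and the allow-list of expected principals are assumptions; adjust them to your environment.

```powershell
# Added example: audit who can read the Defender exclusions policy key.
# Run from an elevated PowerShell prompt. The key path is the one given in the article.
function Get-ExclusionKeyReaders {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Verbose "Key not present: $KeyPath (no policy exclusions configured)"
        return
    }

    # Assumption: principals that may legitimately read the key, by well-known SID
    # (SIDs are used so the check works regardless of the Windows display language).
    $expected = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Bits that allow listing or reading values: QueryValues (0x1), EnumerateSubKeys (0x8),
    # plus the generic read/all rights that can appear on inherit-only entries.
    $readMask = 0x1 -bor 0x8 -bor 0x80000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $KeyPath
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $readMask) -eq 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($expected -contains $sid) { continue }

        # Resolve the SID to a name for the report; keep the SID if it does not resolve.
        try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Key       = $KeyPath
            Principal = $name
            Sid       = $sid
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

Get-ExclusionKeyReaders | Format-Table -AutoSize
```

An empty result means only the allow-listed principals can read the key; any row naming a broad group such as “Authenticated Users” is the condition the article describes.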

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.
