This dangerous Windows Defender security flaw went unnoticed for 12 years, here's how to protect your PC today – HT Tech


Microsoft Defender is one of the most reliable antivirus solutions available today if you use a PC with Windows 10, but that doesn’t mean that the software is without flaws. The company recently patched a serious bug in its software that was completely undetected for 12 years, according to a new report.

When Microsoft Defender identifies a piece of malware, it usually puts a harmless one in its place while the clean up occurs. This is presumably to stop any programs from crashing. The security vulnerability was discovered by a security firm called SentinelOne, which found that the bug was located in a driver file the antivirus uses to get rid of malware installed on the PC, according to a report from Ars Technica.

Also read: Microsoft to remove Edge Legacy desktop app with April’s Windows 10 Tuesday release

The bug stems from the method in which that file is replaced – Windows Defender didn’t check whether the file it placed there was the right one, leaving the door wide open for misuse by another software to manipulate what file was placed. Once in, an attacker could use regular software that runs on a lower level (like a notepad service) to simply bypass all the administrator blocks set in place by Windows and edit the filesystem at a system level.

It is sort of ironic that an antivirus program might end up being the tool used to reinfect a PC after cleaning up one virus. Microsoft has fixed the bug, thankfully, because the software ships with every Windows computer by default. Every single PC that was not protected by some other antivirus would thus be vulnerable to being exploited. SentinelOne reported the issue in November and the company then worked on a fix for the bug.

READ  Zoom Video stock slides as much as 15% after analyst joins in backlash on valuation fears - MarketWatch

Read more: Microsoft teams up with chipmakers to boost PC security

According to the report, however, not everyone can access the vulnerability to exploit it. An attacker would still need remote or local access to the computer they wanted to target and they would still need to compromise the Windows PC first. Nevertheless, it is good that Windows has patched the issue already – the company says that anyone who has already updated to the February 9 patch update is already protected. If you haven’t yet, now would be a good time to hit the update button, or better still, enable automatic updates instead.



READ SOURCE

LEAVE A REPLY

Please enter your comment!
Please enter your name here