Security researchers have discovered a vulnerability in Windows Defender that attackers can theoretically use to install malware on user PCs. The vulnerability has therefore been known for eight years, but Microsoft has not commented on it to date.
In order to ensure better performance of their PC, users can also use Windows Defender to determine certain locations (local or in the network) that are excluded from the software’s malware scans. Reputable programs are often misidentified as malware. Here users must then react and set the exceptions so that the software can continue to be used.
According to a report by Bleeping Computer, security researchers have discovered a dangerous vulnerability in precisely these exceptions. The list of excluded locations is unprotected and can therefore be accessed by all local users. Theoretically, attackers have the option of picking out the folders, applications or processes that have not been scanned and installing malware there without the user noticing anything.
As the research reports show, the problem exists with Windows 10 versions 21H1 and 21H2 – Windows 11, on the other hand, is not affected.
Vulnerability in Windows Defender: To date, Microsoft has not commented on the problem
In this case, as is so often the case, a prerequisite for malware attacks is that the attacker has local access to the PC. However, since many cybercriminals are often already active on compromised networks, for example in companies, this is not an obstacle in many cases.
Particularly frightening: Researchers first became aware of the vulnerability eight years ago – according to reports, however, Microsoft has not yet commented on the problem or provided a fix. Network administrators in particular should therefore be particularly careful about which exceptions are added to Windows Defender.
After moving from Windows 10: How to solve the biggest Windows 11 annoyance
Shop recommendation for operating systems
Offer from BestCheck.de | Prices incl. VAT plus shipping