Windows 10: beware, this major flaw in Microsoft Defender allows malware to be installed incognito


A flaw in the free Microsoft Defender antivirus makes it very easy to get around its protection. An attacker can find out which locations the scanner excludes from analysis and install all kinds of malware there.

It has been 8 years since a security weakness first affected Microsoft Defender antivirus, the security solution that ships free of charge with PCs running Windows 10 and Windows 11, as well as with recent versions of Windows Server. And in those 8 years Microsoft has not patched it.

At issue: the files excluded from a Microsoft Defender virus scan. The list of excluded items is visible to every user of the PC. As a result, an attacker who controls the computer can install and run any malware there without being challenged by the operating system.

This flaw allows bypassing the defenses of Microsoft Defender Antivirus

Whatever security software is used, it generally allows certain folders and files to be excluded from scanning. A feature no doubt appreciated by users of pirated key generators, but not only by them… A good number of very recent applications (from GitHub, for example), or ones compressed with non-standard packers (followers of the demoscene know this), are sometimes wrongly flagged as infected with malware. These false positives are then quarantined by the antivirus scanner or deleted outright from the hard disk.


This is why antivirus products let you specify locations to be skipped during a scan of the computer’s hard disk. But with Microsoft Defender Antivirus there is a catch, and a major one: the list of folders to skip is stored in the clear on the computer. While the list can only be consulted locally (so it is necessary to have control of the PC), any user can view its contents, regardless of access rights: administrators and guests alike are on the same footing. Since Windows 10, a simple query command lists every item the antivirus does not scan, whether it is a file, a folder, an extension or a process.
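As an added defender-side example (not code from the article or from Bleeping Computer), the following PowerShell script uses the Get-MpPreference cmdlet to enumerate the exclusions Defender is configured with and flags those an unprivileged user could write to, so an administrator can prune them; the list of risky prefixes and the extension pattern are assumptions for this example.

```powershell
# Added audit example, not code from the article. Run from an elevated
# PowerShell prompt on the machine being reviewed.
# Locations a standard user can normally write to (assumed list; adjust it).
$riskyPrefixes = @('C:\Users\', 'C:\ProgramData\', 'C:\Windows\Temp\')

function Test-RiskyPath([string]$Path) {
    # An entire drive root excluded from scanning
    if ($Path -match '^[A-Za-z]:\\?$') { return $true }
    # A location that unprivileged accounts can write to
    foreach ($prefix in $riskyPrefixes) {
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$pref = Get-MpPreference
$report = @()
$report += @($pref.ExclusionPath | ForEach-Object {
    [pscustomobject]@{ Type = 'Path'; Value = $_; Risky = (Test-RiskyPath $_) } })
$report += @($pref.ExclusionExtension | ForEach-Object {
    # Extension exclusions apply everywhere, so executable types are always a concern
    [pscustomobject]@{ Type = 'Extension'; Value = $_; Risky = ($_ -match '^\.?(exe|dll|ps1|bat|cmd|vbs|js)$') } })
$report += @($pref.ExclusionProcess | ForEach-Object {
    [pscustomobject]@{ Type = 'Process'; Value = $_; Risky = $false } })

# Risky entries first; an empty table means no exclusions are configured
$report | Sort-Object Risky -Descending | Format-Table -AutoSize
```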

An attacker can therefore drop malware in a folder that is skipped during scans and run it afterwards without Microsoft Defender raising the alarm. This is the experiment that the Bleeping Computer site carried out successfully. According to security expert Nathan McNulty, the flaw affects Windows 10 21H1 and Windows 10 21H2. On the other hand, it does not seem to affect Windows 11, which is already good news for those who have migrated to the new version of the OS. Still, Microsoft has released no patch since the discovery of this flaw.

Source: Bleeping Computer
