A dangerous Windows Defender vulnerability that had not been noticed for years has been eliminated.
A Windows Defender vulnerability that went unnoticed by Microsoft for 12 years has finally been patched. The vulnerability in Microsoft’s integrated antivirus software reportedly made it possible for attackers to run malicious code or to overwrite files. Researchers at security firm SentinelOne discovered and reported the vulnerability in the autumn, and the fix was made after that.
According to Wired’s report, the vulnerability remained hidden for so long because the vulnerable driver is not actively present in the computer’s storage. Instead, it is included in a Windows system called a dynamic link library, and Windows Defender only installs this driver when needed before deleting it from the computer’s disk.
When the driver removes a malicious file, it reportedly replaces it with a new, harmless file as a placeholder of sorts during recovery. However, the system does not specifically validate this new file, so an attacker can add strategic system links that lead the driver to overwrite the wrong file or even run malicious code. To exploit this vulnerability, attackers first need access to the computer, either physically or remotely.
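The missing validation described above can be shown with a small POSIX analogue. This is an added example, not Microsoft's or SentinelOne's code; the function names, file names and the use of POSIX symlinks in place of Windows links are assumptions made for illustration. It contrasts an unvalidated placeholder write with one that refuses to write through a link.

```python
import os
import tempfile


def naive_placeholder(path, data=b""):
    """Unvalidated write: open() follows any link sitting at `path`."""
    with open(path, "wb") as f:  # truncates whatever the link points to
        f.write(data)
    return True


def safe_placeholder(path, data=b""):
    """Create the placeholder only as a brand-new regular file.

    O_EXCL fails if anything, including a dangling link, already occupies
    `path`; O_NOFOLLOW refuses a symlink as the final path component.
    Links in parent directories are not covered by these two flags.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError:
        return False  # caller should log and alert instead of writing
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True


def demo():
    """Constructed scenario in a temp dir; every path here is made up."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.cfg")
        slot = os.path.join(d, "removed_sample.bin")  # placeholder location
        for name, fn in (("naive", naive_placeholder), ("safe", safe_placeholder)):
            with open(protected, "wb") as f:
                f.write(b"important")
            if os.path.lexists(slot):
                os.remove(slot)
            os.symlink(protected, slot)  # a link occupies the slot
            out[name + "_wrote"] = fn(slot)
            with open(protected, "rb") as f:
                out[name + "_protected"] = f.read()
        os.remove(slot)
        out["fresh_ok"] = safe_placeholder(slot)  # no link: creation succeeds
    return out


if __name__ == "__main__":
    print(demo())
```

The same principle applies to any privileged process that recreates a file at a path a less privileged user can influence: treat an unexpected link at the destination as a failure to report, not a path to follow.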
Microsoft and SentinelOne state that there is no evidence that the patched vulnerability has been abused so far. The company says users who install the February 9 patch manually or through automatic updates are protected.