Because of a Flaw in Microsoft Defender, Threat Actors can Evade Detection

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Threat actors were able to use a vulnerability in Microsoft Defender antivirus on Windows to learn about unscanned places and plant malware there. According to several users, the issue has existed for at least eight years and affects both Windows 10 21H1 and Windows 10 21H2. According to security researchers, the list of locations that Microsoft Defender does not scan is insecure and accessible to any local user.
Windows Defender is an anti-malware component of Microsoft Windows. It was first made available as a free anti-spyware download for Windows XP, and it was then bundled with Windows Vista and Windows 7. It has evolved into a full antivirus solution, replacing Microsoft Security Essentials in Windows 8 and later editions. 
Local users, regardless of their permissions, can query the registry to see which paths Microsoft Defender is not permitted to check for malware or hazardous files. According to Antonio Cocomazzi, a SentinelOne threat researcher who reported the RemotePotato0 vulnerability, there is no protection for this sensitive information, and running the “reg query” command reveals everything that Microsoft Defender is not supposed to scan, whether it is files, folders, extensions, or processes. 
Like any other antivirus software, Microsoft Defender allows customers to specify which locations (local or network) on their PCs should be excluded from malware scanning. Exclusions are routinely used to keep antivirus software from interfering with the operation of legitimate apps
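
Because the exclusion list is readable by any local user, the entries worth reviewing first are those that leave a user-writable or overly broad location unscanned. The following is an added example, not code from the original article or from Microsoft: a small audit over exclusion lists an administrator has exported, where the sample data, the `USER_WRITABLE` directory list and the `RISKY_EXT` set are assumptions to adapt to your environment.

```python
import ntpath

# Assumption: directories a standard user can usually write to on a default
# Windows install. Replace with the result of a real ACL review.
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp", r"c:\temp")
# Assumption: file types that can carry executable code.
RISKY_EXT = {"exe", "dll", "scr", "ps1", "bat", "cmd", "vbs", "js"}

def _user_writable(path):
    norm = ntpath.normpath(path).lower()
    return any(norm == r or norm.startswith(r + "\\") for r in USER_WRITABLE)

def audit_exclusions(excl):
    """Return (kind, entry, reason) findings for a dict of exclusion lists."""
    findings = []
    for p in excl.get("paths", []):
        norm = ntpath.normpath(p)
        if "*" in norm or "?" in norm:
            findings.append(("path", p, "wildcard widens the unscanned area"))
        if ntpath.splitdrive(norm)[1] in ("", "\\"):
            findings.append(("path", p, "entire drive is unscanned"))
        if _user_writable(p):
            findings.append(("path", p, "inside a commonly user-writable directory"))
    for e in excl.get("extensions", []):
        if e.lower().lstrip("*.") in RISKY_EXT:
            findings.append(("extension", e, "executable file type is never scanned"))
    for proc in excl.get("processes", []):
        if "\\" not in proc:
            findings.append(("process", proc, "named without a full path"))
        elif _user_writable(proc):
            findings.append(("process", proc, "image lives in a user-writable directory"))
    return findings

# Constructed sample exclusion lists, not taken from a real host.
SAMPLE = {
    "paths": [r"C:\Users\Public\Tools", r"C:\Program Files\BackupAgent\cache", r"D:\Builds\*"],
    "extensions": [".exe", "bak"],
    "processes": ["backupagent.exe", r"C:\Program Files\BackupAgent\agent.exe"],
}

if __name__ == "__main__":
    for kind, entry, reason in audit_exclusions(SAMPLE):
        print(f"[{kind}] {entry}: {reason}")
```

Entries that produce no finding here still deserve a check of the actual folder permissions, since the directory list above is only a heuristic.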

[…]