Microsoft Defender Glitch Allowed Hackers to Evade AV Detection

Security researchers have highlighted a serious technical glitch in Microsoft Defender antimalware program. Briefly, Microsoft Defender exposed the AV exclusion to anyone, allowing potential adversaries to exploit/deploy malware while evading detections.

Researcher Points Out A Microsoft Defender Glitch

Security researcher Antonio Cocomazzi from SentinelOne recently discovered a Microsoft Defender glitch that existed for years.

Sharing about it in a tweet, the researcher mentioned how Defender exposed details of antivirus exclusions.

Consequently, this would allow an attacker to plant malware in excluded folders to escape Microsoft Defender detection.

According to another researcher, the glitch existed for at least 8 years.

In Windows 10, these exclusions were even possible to view via the GUI.

This security vulnerability is particularly important for corporate users. While exploiting the vulnerability requires local access, it isn’t difficult for an attacker who has already infiltrated the network. Accessing the exclusion list was possible for any user privilege, thus increasing the severity of the matter.

Microsoft Fixed The Matter

The researchers observed that the glitch affected the latest Windows 10 21H1 and Windows 10 21H2 alongside the previous Windows versions. However, it didn’t affect Windows 11.

The most obvious fix for this glitch is to update to the latest Windows 11. Nonetheless, since this isn’t possible for many existing Windows 10 users due to the hardware requirements for the upgrade, Microsoft has fortunately addressed the matter in Windows 10 too.

According to another researcher, the tech giant has fixed the glitch “in PrivescCheck”.

So now, Windows 10 users do have a patch for this issue. It now requires all users to vigilantly monitor their systems and networks for security. Users should also review their AV exclusion lists to be sure about the exclusions. As the researcher Nathan McNulty highlighted,

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil