News

Microsoft fixes Defender vulnerability that allowed antivirus to bypass

By admin
Spread the love

Microsoft has addressed a vulnerability in its Defender antivirus tool without publicity. The change makes it no longer possible to place malware via a certain method without Defender sounding the alarm.

The change was made last week and now requires administrator rights by default to access exclusions via Windows Security and the registry key HKLMSoftwareMicrosoftWindows DefenderExclusions. Previously, that key could be retrieved from the registry for every Windows user. The adjustment was noticed by security expert SecGuru_OTX† Microsoft hasn’t published anything about it yet.

The key contains a list of files, folders, and other locations that Defender must exclude from scanning for malware. Malicious persons could abuse this ability to exclude locations and place malware there, which would then go undetected by Defender, Bleeping Computer writes. The fact that no administrator rights were required greatly increased the risk of abuse. The vulnerability would already since 2014 attended and also worked in conjunction with Group Policies.

Source: SecGuru_OTX

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

‘Microsoft wants to postpone deadline for Activision Blizzard…