Turns out Microsoft Defender had a rather embarrassing security flaw of its own
Date:
Fri, 11 Feb 2022 15:24:01 +0000
Description:
Most users can no longer see which folders are excluded from Defender's scans
FULL STORY ======================================================================
Microsoft appears to have quietly fixed a decade-old vulnerability in its Windows antivirus software weeks after reports first emerged.
Initial news reports described a Microsoft Defender flaw that allowed an attacker to run virtually any malware without triggering the antivirus program's alarms.
The flaw is quite simple in theory, and focuses on planting malware where Microsoft Defender is not permitted to peek. Some programs trigger a false positive alert, and as such, need to be excluded from the scan. One way Defender users do this is by adding certain locations, either locally or on a network, that get excluded from the scan.

Shutting the doors

The problem with this approach was that the Registry key containing the list of the excluded locations was accessible by the Everyone group, meaning local users, regardless of their permissions, could easily access it.
Once an attacker knows where Defender can't look, planting dangerous malware suddenly gets super easy.
The flipside to this coin is that for the flaw to be abused, the malicious actor needs to have local access in advance. Still, that doesn't matter too much, as many malicious actors who've already compromised certain endpoints and networks can use the flaw to allow stealthy lateral movement.
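
A defender can audit for the condition described above by checking whether a registry key's security descriptor lets a broad group read its values. The following is an added example, not code from the article or from Microsoft: it parses an SDDL string and reports broad trustees with read access. The sample descriptors are constructed, the set of "broad" trustees is an assumption, and deny ACEs are only matched against the same trustee.

```python
import re

# SDDL right codes -> access-mask bits (subset relevant to registry keys).
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "KR": 0x20019, "KW": 0x20006, "KX": 0x20019, "KA": 0xF003F,
          "GR": 0x80000000, "GA": 0x10000000}
KEY_QUERY_VALUE = 0x1  # the bit needed to read the values stored under a key
# Assumption: these well-known trustees stand for "any local user".
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "BU": "BUILTIN\\Users", "IU": "Interactive"}

# Constructed sample descriptors, not copied from a real Defender key.
OPEN_KEY = "O:BAG:SYD:P(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;WD)"
LOCKED_KEY = "O:BAG:SYD:P(A;CI;KA;;;SY)(A;CI;KA;;;BA)"

def parse_mask(rights):
    """Turn 'KR', 'CCSWRC' or '0x20019' into a registry access mask."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        mask = 0
        for code in re.findall("..", rights):
            mask |= RIGHTS.get(code, 0)
    if mask & 0x80000000:   # GENERIC_READ maps to KEY_READ on registry keys
        mask |= 0x20019
    if mask & 0x10000000:   # GENERIC_ALL maps to KEY_ALL_ACCESS
        mask |= 0xF003F
    return mask

def broad_readers(sddl):
    """Names of broad trustees that the DACL allows to read the key's values."""
    granted, denied = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        f = ace.split(";")
        # Skip malformed ACEs, narrow trustees, and inherit-only (IO) ACEs,
        # which apply to subkeys but not to this key.
        if len(f) < 6 or f[5] not in BROAD or "IO" in re.findall("..", f[1]):
            continue
        mask = parse_mask(f[2])
        if f[0] == "D":    # an earlier deny ACE masks later allow ACEs
            denied[f[5]] = denied.get(f[5], 0) | mask
        elif f[0] == "A":
            granted[f[5]] = granted.get(f[5], 0) | (mask & ~denied.get(f[5], 0))
    return sorted(BROAD[t] for t, m in granted.items() if m & KEY_QUERY_VALUE)

if __name__ == "__main__":
    print(broad_readers(OPEN_KEY), broad_readers(LOCKED_KEY))
```

On Windows, the SDDL string for a key can be read in PowerShell from the Sddl property of the object that Get-Acl returns for that key's path.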
However, a cybersecurity expert going by the name SecGuru_OTX confirmed the vulnerability no longer works, BleepingComputer found. Soon after, Antonio Cocomazzi of SentinelOne also confirmed the issue has been fixed with the February 2022 Patch Tuesday Windows update.
At the same time, cybersecurity analyst Will Dormann of CERT/CC claims he spotted some Windows permissions change without any updates being installed, suggesting that the change might have come from Microsoft Defender itself,
and not through the update to the OS.
The vulnerability was found to affect Windows 10 21H1 and Windows 10 21H2 users, but Windows 11 is safe.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/turns-out-microsoft-defender-had-a-rather-embarassing-security-flaw-of-its-own/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)