Microsoft Defender Antivirus has fixed a vulnerability reported about a month ago, although some experts noticed its symptoms about 8 years ago. This vulnerability allowed arbitrary malicious code to run without triggering antivirus alerts.
The principle of the vulnerability is relatively simple: it allowed malware files to be placed in folders that Microsoft Defender does not scan. Such folders usually host legitimate programs that trigger antivirus false positives for various reasons, so they are excluded from scanning.
The problem with this approach is that the registry entry listing such exclusions was available to the Everyone group, which means local users could view it regardless of their permissions. Knowing in advance exactly where Microsoft Defender wouldn’t look, all that was left to do was place the malware in those locations. Accordingly, only those who had physical access to the computer could exploit this vulnerability.
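An added example, not from the original article: a Python check that takes the SDDL string of a registry key's security descriptor and reports which broad groups hold an allow ACE that lets them read the key's values, the condition described above for the exclusions list. The SDDL samples are constructed, treating Authenticated Users, BUILTIN\Users and INTERACTIVE as broad groups alongside Everyone is an assumption of this example, and deny ACEs are not evaluated.

```python
import re

KEY_QUERY_VALUE = 0x0001          # right needed to list a key's values
GENERIC_READ, GENERIC_ALL = 0x80000000, 0x10000000
READ_BITS = KEY_QUERY_VALUE | GENERIC_READ | GENERIC_ALL

# SDDL two-letter rights that can appear on registry keys, as access masks.
RIGHTS = {"KA": 0xF003F, "KR": 0x20019, "KX": 0x20019, "KW": 0x20006,
          "GA": GENERIC_ALL, "GR": GENERIC_READ, "GW": 0x40000000,
          "GX": 0x20000000, "RC": 0x20000, "SD": 0x10000,
          "WD": 0x40000, "WO": 0x80000}

# Broad principals. The article names Everyone; the others are assumptions.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
         "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}

# Constructed descriptors, not captured from a real system.
SAMPLE_WEAK = "O:BAG:SYD:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;WD)"
SAMPLE_TIGHT = "O:BAG:SYD:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)"


def rights_to_mask(rights):
    """Convert an SDDL rights field (hex or two-letter codes) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS.get(rights[i:i + 2], 0)
    return mask


def broad_readers(sddl):
    """Names of broad groups with an allow ACE that can read the key's values."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    found = set()
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue                      # only plain allow ACEs are handled
        if "IO" in re.findall("..", fields[1]):
            continue                      # inherit-only: not applied to this key
        if fields[5] in BROAD and rights_to_mask(fields[2]) & READ_BITS:
            found.add(BROAD[fields[5]])
    return sorted(found)


if __name__ == "__main__":
    for name, sddl in (("weak", SAMPLE_WEAK), ("tight", SAMPLE_TIGHT)):
        print(name, broad_readers(sddl) or "no broad readers")
```

On Windows the SDDL string can be read with PowerShell's `(Get-Acl <registry key path>).Sddl`; the key path is left as a placeholder because the article does not give it.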
According to BleepingComputer, citing cybersecurity expert SecGuru_OTX, this vulnerability has now been fixed. SentinelOne specialist Antonio Cocomazzi suggested the problem was fixed with a Windows update released on Tuesday. However, analyst Will Dormann indicated that some system permission settings changed without Windows updates being installed; this may have been done by Microsoft Defender.
The vulnerability reportedly affected Windows 10 21H1 and Windows 10 21H2 systems, but was not observed in Windows 11.