Microsoft Defender Antivirus fixes vulnerability 8 years ago

Microsoft Defender Antivirus fixes vulnerability 8 years ago

Microsoft Defender Antivirus fixes a reported vulnerability about a month ago, although some experts discovered his symptoms about 8 years ago. This vulnerability allowed arbitrary malicious code to run without triggering antivirus alerts.

Image source: Jan Alexander /

Image source: Jan Alexander /

The principle of the vulnerability is relatively simple – it allowed malware files to be placed in folders that Microsoft Defender cannot access. Such folders are usually used to host normal programs that cause antivirus false positives for various reasons, so they need to be excluded from scanning.

The problem with this approach is that the registry entry listing such exclusions was available to the Everyone group, which means local users could view it regardless of their permissions. Knowing in advance exactly where Microsoft Defender wouldn’t look, all that was left to do was place the malware in those locations. Accordingly, only those who had physical access to the computer could exploit this vulnerability.

After the resource Beeping computer Citing cybersecurity expert SecGuru_OTX, this vulnerability has now been fixed. SentinelOne specialist Antonio Cocomazzi suggested the problem was fixed with a Windows update released on Tuesday. However, analyst Will Dormann indicated that some system permissions settings changed without installing Windows updates – it may have been done by Microsoft Defender.

The vulnerability reportedly affected Windows 10 21H1 and Windows 10 21H2 systems, but was not observed in Windows 11.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment