A Windows Defender vulnerability lurked undetected for 12 years

by WIRED, from Ars Technica - All content

(credit: Drew Angerer | Getty Images)

Just because a vulnerability is old doesn't mean it's not useful. Whether it's Adobe Flash hacking or the EternalBlue exploit for Windows, some methods are just too good for attackers to abandon, even if they're years past their prime. But a critical 12-year-old bug in Microsoft's ubiquitous Windows Defender antivirus was seemingly overlooked by attackers and defenders alike until recently. Now that Microsoft has finally patched it, the key is to make sure hackers don't try to make up for lost time.

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender (renamed Microsoft Defender last year) uses to delete the invasive files and infrastructure that malware can create. When the driver removes a malicious file, it replaces it with a new, benign one as a sort of placeholder during remediation. But the researchers discovered that the driver doesn't specifically verify that new file. As a result, an attacker could insert strategically placed file-system links that direct the driver to overwrite the wrong file or even run malicious code.
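The link-following pattern described above, as an added example (not SentinelOne's or Microsoft's code, and modelled with POSIX symlinks in a temporary directory rather than the Windows driver's file API): the naive placeholder write follows a link planted at the removed file's path, while the hardened variant refuses links both at the leaf and in the directory path before creating anything.

```python
import os
import tempfile

# Constructed stand-in for the benign placeholder the remediation driver writes.
PLACEHOLDER = b"quarantined-placeholder\n"

def naive_replace(path: str, data: bytes = PLACEHOLDER) -> None:
    """Unsafe: open() follows whatever link now sits at `path`, so a
    planted link redirects the placeholder write to another file."""
    with open(path, "wb") as f:
        f.write(data)

def hardened_replace(path: str, data: bytes = PLACEHOLDER) -> None:
    """Write only if nothing (a link included) exists at `path` and no
    directory component of the path is itself a link."""
    path = os.path.abspath(path)
    parent = os.path.dirname(path)
    if os.path.realpath(parent) != parent:
        raise PermissionError(f"refusing to write: {parent} traverses a link")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # EEXIST if a file or link is already there
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def demo() -> dict:
    """Constructed scenario: a link planted where the removed malware was,
    pointing at an unrelated file; returns what each variant did."""
    root = os.path.realpath(tempfile.mkdtemp())
    victim = os.path.join(root, "unrelated.cfg")
    removed = os.path.join(root, "malware.bin")
    with open(victim, "wb") as f:
        f.write(b"original-contents\n")
    os.symlink(victim, removed)  # link sitting at the old malware path
    naive_replace(removed)  # follows the link and overwrites the victim
    naive_clobbered = open(victim, "rb").read() == PLACEHOLDER
    with open(victim, "wb") as f:  # restore, then try the hardened variant
        f.write(b"original-contents\n")
    try:
        hardened_replace(removed)
        hardened_refused = False
    except OSError:  # EEXIST / ELOOP: link detected, nothing written
        hardened_refused = True
    victim_intact = open(victim, "rb").read() == b"original-contents\n"
    os.remove(removed)  # link gone: a legitimate placeholder now succeeds
    hardened_replace(removed)
    placeholder_ok = open(removed, "rb").read() == PLACEHOLDER
    return {"naive_clobbered": naive_clobbered, "hardened_refused": hardened_refused,
            "victim_intact": victim_intact, "placeholder_ok": placeholder_ok}
```

The directory check matters as much as the leaf check: a link swapped in for a parent directory redirects every write beneath it, which is the Windows junction analogue of the planted symlink shown here.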

Source: Ars Technica - All content (https://arstechnica.com/; feed: http://feeds.arstechnica.com/arstechnica/index)