Do you use Windows antivirus? Beware of this error

Having an antivirus to protect systems and prevent attacks is essential. Windows Defender has become one of the favorites among users of Microsoft's system: it works well, it is free and it comes integrated with the OS itself. However, in this article we cover a problem that affects this antivirus and can be exploited by a cybercriminal.

A flaw puts Windows Defender at risk


Hackers now have an opportunity to exploit Windows Defender and bypass its protection. But this is not something new. In fact, according to computer security researchers, this bug has been around for at least 8 years.

But how does this error work? Windows Defender, like other security solutions, allows users to add locations (either local or on the network) to a list of exclusions so that they are not scanned. This is very useful for avoiding false positives, for example when downloading a file or installing a program.

Each user can have a series of folders or locations excluded, so that the antivirus does not act on them. The problem is that this information is not stored in encrypted form. Any local user can access it. What if an attacker knows which locations are excluded?

Also, keep in mind that this works regardless of what permissions that local user has. Any local user can read the registry and learn the paths that Windows Defender leaves out when scanning for malware. This information should be confidential and not available to just anyone.


Affects multiple versions

According to security researchers, this issue affects Windows 10 versions 21H1 and 21H2. However, it seems that this problem does not affect Windows 11, the latest version of Microsoft's operating system.

Although this problem can be exploited, the truth is that it is not easy for an attacker to get to that information. Keep in mind that local access is required. It is not possible to exploit it remotely, so that greatly limits the actions of hackers.

What can this problem mean in practice? Let's say a user has a folder where they keep downloaded files that they know are safe, but the antivirus detects them as threats. For example, if you perform ethical hacking tests, antivirus programs often alert you to an alleged virus and automatically delete the file. An attacker who knows which folder has been excluded could drop ransomware there and execute it without any problems.
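The scenario above is only dangerous when an excluded folder is one that an ordinary user (and therefore an attacker with a standard local account) can write into. The following audit script is an added example, not code from the article or from Microsoft: it lists the configured exclusions through the real `Get-MpPreference` cmdlet and flags path exclusions that well-known low-privilege groups can write to. It assumes it is run as Administrator on a host with the Defender PowerShell module; the list of "risky" principals is a constructed heuristic you may want to extend.

```powershell
# Added audit script (not from the article): enumerate Defender exclusions
# and flag excluded paths that standard users could drop files into.
# Assumption: run elevated; $riskyPrincipals is a constructed heuristic.

$prefs = Get-MpPreference

# Principals whose write access would let any local account use the folder
$riskyPrincipals = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users')

# Any of these rights is enough to place a new file in the folder
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::CreateFiles

function Test-UserWritable {
    param([string]$Path)
    # Exclusions with wildcards or missing targets cannot be checked here
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($riskyPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeRights) -ne 0) { return $true }
    }
    return $false
}

"Path exclusions:"
foreach ($p in @($prefs.ExclusionPath)) {
    if (-not $p) { continue }                      # empty list yields a $null entry
    $expanded = [Environment]::ExpandEnvironmentVariables($p)
    $flag = if (Test-UserWritable $expanded) { 'USER-WRITABLE' } else { 'ok' }
    "  {0,-14} {1}" -f $flag, $p
}

# Extension and process exclusions are worth reviewing too: a broad one
# (e.g. a whole extension) is as useful to an attacker as an open folder.
"Extension exclusions: " + (@($prefs.ExclusionExtension) -join ', ')
"Process exclusions:   " + (@($prefs.ExclusionProcess) -join ', ')
```

Entries reported as USER-WRITABLE are the ones to tighten or remove, either by narrowing the exclusion or by restricting who can write to the folder.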

Our advice is to always keep everything updated to the latest version. In this way problems like the vulnerability we have seen get corrected, which keeps out hackers who could take advantage of these errors to launch their attacks. You can also see the steps to avoid false positives in Windows Defender, so that you will not have problems when downloading certain files.