A flaw in the free Microsoft Defender antivirus makes it very easy to bypass the software's defenses. A hacker can find out which locations the scan tool excludes and install all types of malware there.
It has been 8 years since a security weakness was found in Microsoft Defender Antivirus, the security solution that is available for free on PCs running Windows 10 and Windows 11, as well as recent versions of Windows Server. And it has been 8 years that Microsoft has still not fixed it.
At issue: the files to exclude during a Microsoft Defender virus scan. The list of excluded elements is visible to all users of a PC. Therefore, a hacker who has control of the computer can install and execute any malware there without the operating system raising an alarm.
This flaw allows bypassing the defenses of Microsoft Defender antivirus
Whatever security software is used, it generally allows you to exclude certain folders and files from scanning. A feature undoubtedly appreciated by users of pirated key generators, but not only by them: many very recent applications (from GitHub, for example), or programs compressed using non-standard packers (demoscene followers know something about this), are sometimes falsely reported as infected with malware. Those false positives are then quarantined by the virus scan tool or directly deleted from the hard drive.
This is why antivirus programs allow you to specify the locations to be omitted when scanning the computer's hard drive. But in the case of Microsoft Defender Antivirus, there is a catch, and it is significant: the list of files to be omitted is stored in the clear on the computer. Although this list can only be viewed locally (you must therefore have control over a PC), any user can view its content, regardless of their access rights: administrators and guests alike are treated the same. On Windows 10, a simple execution of the reg query command lists all the elements that are not scanned by the antivirus, whether a file, a folder, an extension or a process.
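Since the exclusion list should be assumed readable by every local account, the practical defense is to keep it free of anything an attacker could abuse. The following PowerShell audit script is an added example, not code from the article or from Microsoft; it assumes an elevated session on Windows 10/11 with the Defender PowerShell module (the real Get-MpPreference cmdlet and its ExclusionPath, ExclusionExtension and ExclusionProcess properties). The lists of user-writable prefixes, risky extensions and generic host processes are assumptions chosen for illustration, not a Microsoft-published set.

```powershell
# Added audit script (not from the article): inventories the Microsoft Defender
# exclusions on the local host and flags entries that unprivileged local code
# could use to drop and run files unscanned. Run from an elevated session.

# Locations any standard user can write to. If one of these is excluded, a
# low-privilege account can place a payload there and it will never be scanned.
# (Prefix list is an assumption for illustration.)
$userWritablePrefixes = @(
    "$env:SystemDrive\Users\",
    "$env:ProgramData\",
    "$env:SystemRoot\Temp\",
    "$env:PUBLIC\"
)

# Extension exclusions covering executable or script content switch off scanning
# for exactly the file types malware ships as. (Assumed list.)
$riskyExtensions = @('exe','dll','ps1','bat','cmd','vbs','js','scr','com','msi')

function Test-RiskyPathExclusion {
    param([string]$Path)
    if ($Path -match '^[A-Za-z]:\\?$') { return 'Entire drive root excluded' }
    if ($Path -match '[\*\?]')          { return 'Wildcard exclusion' }
    foreach ($prefix in $userWritablePrefixes) {
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return "Under user-writable location $prefix"
        }
    }
    return $null
}

$prefs    = Get-MpPreference
$findings = @()

foreach ($p in @($prefs.ExclusionPath)) {
    if (-not $p) { continue }
    $reason = Test-RiskyPathExclusion -Path $p
    if ($reason) {
        $findings += [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = $reason }
    }
}

foreach ($e in @($prefs.ExclusionExtension)) {
    if (-not $e) { continue }
    if ($riskyExtensions -contains $e.TrimStart('.').ToLower()) {
        $findings += [pscustomobject]@{ Type = 'Extension'; Value = $e; Reason = 'Executable or script type excluded' }
    }
}

foreach ($proc in @($prefs.ExclusionProcess)) {
    if (-not $proc) { continue }
    # A process exclusion skips scanning of files that process opens; excluding a
    # generic host such as a shell or script engine is effectively a blanket bypass.
    if ($proc -match '(?i)(^|\\)(explorer|powershell|cmd|wscript|cscript)\.exe$') {
        $findings += [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'Generic host process excluded' }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No risky Defender exclusions found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Because the list itself cannot be hidden on the affected Windows 10 builds, the script treats every exclusion as public knowledge and reports only the ones that matter: whole drives, wildcards, user-writable directories, executable extensions and generic host processes. For ongoing monitoring rather than a one-off audit, Defender records configuration changes, exclusions included, as event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, so an unexpected new exclusion on an endpoint can be alerted on centrally.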
Therefore, an attacker can save malware in a folder omitted during scans and execute it afterwards without Microsoft Defender raising the alarm. This is the experiment successfully carried out by the Bleeping Computer site. According to security expert Nathan McNulty, the flaw affects Windows 10 21H1 and Windows 10 21H2. On the other hand, it does not seem to affect Windows 11, which is already good news for those who have migrated to the new version of the OS. However, Microsoft has issued no fix since the discovery of this weakness.
Source: Bleeping Computer