Microsoft Defender Antivirus (formerly just Windows Defender) has fixed an old privilege escalation vulnerability. Interestingly, this bug appeared in the code about 12 years ago and affected all versions of Defender for Windows 7 and higher released after 2009.

The vulnerability, discovered by SentinelOne experts in November last year, was identified as CVE-2021-24092. It also spreads to other Microsoft security products, including Microsoft Endpoint Protection, Microsoft Security Essentials, and Microsoft System Centre Endpoint Protection.

The problem was found in the BTR.sys driver (aka Boot Time Removal Tool), which is used to remove files and registry entries created by [...]

On the first “Update Tuesday” in 2021, Microsoft patched the 0-day vulnerability in Defender, one among 83 vulnerabilities in the company’s products, 10 of which were classified as critical.

Various patches have been released for Windows, Edge Browser, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

The biggest issue this month is undoubtedly a zero-day vulnerability in Microsoft Defender antivirus that hackers have already exploited. This bug was identified as CVE-2021-1647 and is described as an RCE [...]

Many sysadmins have had extremely nervous days this week: Microsoft Defender ATP (Advanced Threat Protection) corporate solution mistakenly detected Mimikatz and Cobalt Strike infections on devices and issued false warnings. [dropcap]L[/dropcap]et me remind you that hackers, from government APT groups to ransomware operators, for a long time beloved the legitimate commercial framework Cobalt Strike, created for pentesters and the red team and focused on exploitation and post-exploitation.

Although it is not available to ordinary users and the full version is priced at about $3,500 per install, attackers still find ways to use it (for example, relying on old, pirated, jailbroken [...]

CyberArk Labs specialists published a report revealing a number of bugs in popular antivirus products from leading industry brands. According to this report, high privileges of antivirus software make it more vulnerable.

As a result, security solutions can be used for file manipulation attacks, and malware can gain elevated rights in the system.

Errors of this kind have been found in products from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender.

Currently, developers have already fixed all the problems, and the identifiers assigned to them can be seen below (Avast and F-Secure solutions are still awaiting CVE [...]

Microsoft removed the ability to download files using Windows Defender after demonstrating how attackers can use this functionality to deliver malware to a computer.

We reported some time ago how Microsoft, for unclear reasons, covertly added the ability to download files using Microsoft Defender.

Following this, the cybersecurity research community expressed concern that Microsoft now allows Windows 10 antivirus to be used as LOLBINs (legitimate OS files that can be used for malicious purposes).

“With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers”, – wrote BleepingComputer [...]

It’s silent. You always have it on your PC if you use Windows. You usually don’t notice its activity. And not, we’re not talking about the malware of some sort. Now the person of attention is Microsoft Defender – the proprietary anti-malware software, which has a lot of different responses. Some say that Microsoft Defender is completely useless and can’t provide protection for your PC. And some say that it is one of the best antiviruses ever made. Let’s try Microsoft Defender, compare it with popular antiviruses, and figure it out.

History of the Microsoft Defender Introduction