On the first “Update Tuesday” in 2021, Microsoft patched the 0-day vulnerability in Defender, one among 83 vulnerabilities in the company’s products, 10 of which were classified as critical.

Various patches have been released for Windows, Edge Browser, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

The biggest issue this month is undoubtedly a zero-day vulnerability in Microsoft Defender antivirus that hackers have already exploited. This bug was identified as CVE-2021-1647 and is described as an RCE [...]

Many sysadmins have had extremely nervous days this week: Microsoft Defender ATP (Advanced Threat Protection) corporate solution mistakenly detected Mimikatz and Cobalt Strike infections on devices and issued false warnings. [dropcap]L[/dropcap]et me remind you that hackers, from government APT groups to ransomware operators, for a long time beloved the legitimate commercial framework Cobalt Strike, created for pentesters and the red team and focused on exploitation and post-exploitation.

Although it is not available to ordinary users and the full version is priced at about $3,500 per install, attackers still find ways to use it (for example, relying on old, pirated, jailbroken [...]

Microsoft removed the ability to download files using Windows Defender after demonstrating how attackers can use this functionality to deliver malware to a computer.

We reported some time ago how Microsoft, for unclear reasons, covertly added the ability to download files using Microsoft Defender.

Following this, the cybersecurity research community expressed concern that Microsoft now allows Windows 10 antivirus to be used as LOLBINs (legitimate OS files that can be used for malicious purposes).

“With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers”, – wrote BleepingComputer [...]

The latest update to Microsoft Defender Antivirus for Windows 10 allows using it to download viruses, malware, and other files to Windows computer. [dropcap]Security[/dropcap] researcher Muhammad Askar discovered this ability to download malware.

The Microsoft Defender Command Line Tool update now includes a new command line argument -DownloadFile. The directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using a dedicated command.

“Well, you can download a file from the internet using Windows Defender itself. In this example, I was able to download Cobalt Strike beacon [...]