Security News > 2021 > February > 12-year-old Windows Defender bug gives hackers admin rights
Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus that could allow attackers to gain admin rights on unpatched Windows systems.
Microsoft Defender Antivirus is the default anti-malware solution on over 1 billion systems running Windows 10 according to Microsoft's stats.
The vulnerability also impacts other Microsoft security products including but not limited to Microsoft Endpoint Protection, Microsoft Security Essentials, and Microsoft System Center Endpoint Protection.
Microsoft Defender automatically updates both the Malware Protection Engine and malware definitions on enterprise and home devices.
Although Microsoft Defender can check for engine and definition updates multiple times per day, customers are advised to manually check for updates if they want to immediately install security updates.
Last month, Microsoft fixed another Microsoft Defender Antivirus vulnerability, a zero-day exploited in the wild that allowed remote attackers to execute malicious code on unpatched Windows devices.
News URL
Related news
- Researchers claim Windows Defender can be fooled into deleting databases (source)
- Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)