Microsoft Defender weakness lets hackers bypass malware detection (Security News, January 2022)
Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there.
Like any antivirus solution, Microsoft Defender lets users add locations on their systems that should be excluded from malware scans.
A security architect versed in protecting the Microsoft stack, McNulty warns that Microsoft Defender on a server has "Automatic exclusions that get enabled when specific roles or features are installed" and that these automatic exclusions do not cover custom locations.
In tests done by BleepingComputer, a malware strain executed from an excluded folder ran unhindered on the Windows system and triggered no alert from Microsoft Defender.
We used a sample of Conti ransomware, and when it executed from a normal location, Microsoft Defender kicked in and blocked the malware.
After placing Conti malware in an excluded folder and running it from there, Microsoft Defender did not show any warning and did not take any action, allowing the ransomware to encrypt the machine.
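Because an excluded folder is effectively a scan-free zone, a defender's first check is whether any custom path exclusion can be written to by a non-administrator. The script below is an added example, not code from the article or from Microsoft; the function name `Get-WritableDefenderExclusion` and the trusted-principal list are assumptions, while `Get-MpPreference`, `Get-Acl` and `Test-Path` are standard cmdlets, and it assumes an elevated PowerShell session on a Windows host running Microsoft Defender.

```powershell
# Added example: list Microsoft Defender path exclusions and flag those a
# non-admin principal could write to (a dropped file there would run unscanned).
# Assumes an elevated session on Windows with the Defender module available.
function Get-WritableDefenderExclusion {
    [CmdletBinding()]
    param(
        # Principals expected to have write access; any other writer is flagged.
        # This list is an assumption and should be tuned per environment.
        [string[]]$TrustedWriters = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller'
        )
    )

    # ExclusionPath holds the custom path exclusions; automatic role-based
    # exclusions on servers are managed separately and are not listed here.
    $paths = @((Get-MpPreference).ExclusionPath)

    foreach ($raw in $paths) {
        $path = [Environment]::ExpandEnvironmentVariables($raw)

        # Wildcard exclusions cannot be ACL-checked directly; surface them for review.
        if ($path -match '[\*\?]') {
            [pscustomobject]@{ Path = $raw; Issue = 'Wildcard exclusion, review manually'; Writer = $null }
            continue
        }
        # A missing excluded path is still risky: whoever creates it later owns it.
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $raw; Issue = 'Excluded path does not exist yet'; Writer = $null }
            continue
        }

        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # CreateFiles (WriteData) is the bit that matters for dropping a payload;
            # Modify and FullControl both include it.
            $rights   = [int]$ace.FileSystemRights
            $canWrite = ($rights -band [int][System.Security.AccessControl.FileSystemRights]::CreateFiles) -ne 0
            $who      = $ace.IdentityReference.Value
            if ($canWrite -and ($TrustedWriters -notcontains $who)) {
                [pscustomobject]@{ Path = $raw; Issue = 'Writable by non-admin principal'; Writer = $who }
            }
        }
    }
}

Get-WritableDefenderExclusion | Format-Table -AutoSize
```

Any row it returns is an exclusion worth narrowing or removing, or a folder whose ACL should be tightened so only trusted principals can create files there.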