Microsoft Defender weakness lets hackers bypass malware detection (Security News, January 2022)
Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there.
Like any antivirus solution, Microsoft Defender lets users add locations on their systems that should be excluded from malware scans.
McNulty, a security architect who specializes in protecting the Microsoft stack, warns that Microsoft Defender on a server has "Automatic exclusions that get enabled when specific roles or features are installed," and that these automatic exclusions do not cover custom locations an administrator adds.
In tests done by BleepingComputer, a malware strain executed from an excluded folder ran unhindered on the Windows system and triggered no alert from Microsoft Defender.
We used a sample of Conti ransomware, and when it executed from a normal location, Microsoft Defender kicked in and blocked the malware.
After placing Conti malware in an excluded folder and running it from there, Microsoft Defender did not show any warning and did not take any action, allowing the ransomware to encrypt the machine.
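To make the two halves of this weakness concrete (an attacker enumerating exclusions, and a defender checking which of them are abusable), the following PowerShell is an added example written for this page; it is not code from the article or from Microsoft. It assumes a Windows host running Microsoft Defender Antivirus, the documented registry location `HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions`, and the `Get-MpPreference` / `Set-MpPreference` cmdlets. The function names `Get-DefenderExclusionFromRegistry` and `Test-WritableByCurrentUser` are the example's own.

```powershell
# Added example, not from the article: list Defender exclusions the way a local
# user would read them, flag path exclusions the current user can write to,
# and show the hardening and detection settings that belong with that finding.
# Assumptions: Windows with Microsoft Defender Antivirus; registry path and
# cmdlets are the documented ones; function names are this example's own.

$exclusionRoot = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'

function Get-DefenderExclusionFromRegistry {
    # Exclusions are stored as value names under the Paths, Extensions and
    # Processes subkeys. Reading them needs no Defender cmdlet at all.
    foreach ($kind in 'Paths', 'Extensions', 'Processes') {
        $key = Join-Path $exclusionRoot $kind
        if (-not (Test-Path -LiteralPath $key -ErrorAction SilentlyContinue)) { continue }
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }   # access denied when exclusions are hidden
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            [pscustomobject]@{ Kind = $kind; Exclusion = $name }
        }
    }
}

function Test-WritableByCurrentUser {
    # Probe by creating and deleting a uniquely named file; an ACL read alone
    # misses inherited and group-based rights.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $false }
    $probe = Join-Path $Path ([guid]::NewGuid().ToString() + '.tmp')
    try {
        New-Item -ItemType File -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

# 1. What the attacker sees: registry first, then the cmdlet view for comparison.
$fromRegistry = Get-DefenderExclusionFromRegistry
$pref = Get-MpPreference
Write-Host "Cmdlet view  : paths=$($pref.ExclusionPath -join ', ')"
Write-Host "Registry view: $(($fromRegistry | Where-Object Kind -eq 'Paths').Exclusion -join ', ')"

# 2. What the defender wants: an excluded folder is only a launch pad if the
#    account that can drop a file there is less privileged than the exclusion.
$fromRegistry | Where-Object Kind -eq 'Paths' | ForEach-Object {
    $expanded = [Environment]::ExpandEnvironmentVariables($_.Exclusion)
    [pscustomobject]@{
        Exclusion    = $_.Exclusion
        UserWritable = Test-WritableByCurrentUser -Path $expanded
    }
} | Format-Table -AutoSize

# 3. Hardening (administrator; requires a Defender platform version that
#    supports the setting): stop non-admin users from reading exclusion lists.
#    Set-MpPreference -HideExclusionsFromLocalUsers $true

# 4. Detection: exclusion additions are configuration changes and are logged as
#    Event ID 5007 in the Defender operational log. Alert on new path exclusions.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message
```

Run steps 1 and 2 as a standard user to reproduce the attacker's view; an empty registry list or an access-denied error there means the exclusions are already hidden from local users. Any row with `UserWritable = True` is a folder where the Conti test above would succeed for that account, so either tighten the folder's ACL or replace the path exclusion with a narrower process or extension exclusion.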