Security News > 2022 > February > Microsoft fixes Defender flaw letting hackers bypass antivirus scans
Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine.
After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.
By exploiting this weakness, BleepingComputer could execute a sample of Conti ransomware from an excluded folder and encrypt a Windows system without any warnings or signs of detection from Microsoft Defender.
SentinelOne threat researcher Antonio Cocomazzi confirmed that the flaw can no longer be used on Windows 10 20H2 systems after installing the February 2022 Patch Tuesday Windows updates.
On the other hand, Will Dormann, a vulnerability analyst for CERT/CC, noted that he received the permissions change without installing any updates, indicating that the change could be added by both Windows updates and Microsoft Defender security intelligence updates.
The change rolled out since our previous report at the moment, only Microsoft knows how it was pushed to affected Windows 10 systems.
News URL
Related news
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)