Microsoft finally patches Windows Defender bug after more than a decade

Microsoft has finally patched a security flaw in its Microsoft Defender antivirus program (formerly Windows Defender) that went undetected for 12 years. The flaw, tracked as CVE-2021-24092, affects devices ranging from those still running Windows 7 all the way up to current Windows 10 machines.

The vulnerability allows threat actors to carry out a privilege escalation attack that could lead to malicious code being inserted into Microsoft Defender system files. The bug, discovered by security researchers at SentinelOne late last year, takes advantage of the fact that Defender replaces deleted malicious files with benign placeholder ones. Because Defender does not specifically verify these replacement files, an attacker could set up file links that force Defender to delete the wrong files or run malicious ones.

The length of time that this vulnerability has been present is obviously a concern. Looking at Windows 10 devices alone, Microsoft claims that more than 1 billion of its products run Defender as their default anti-malware solution.

Out in the open

Fortunately, despite its long history, there does not appear to be any evidence of this vulnerability being exploited in the wild. However, now that the flaw has been formally disclosed, it is possible that threat actors will attempt to weaponize it. Businesses with patch management software installed are unlikely to miss Microsoft's new security update, but it is more likely to be overlooked by consumers running older operating systems.

“Of course, while it seems like the vulnerability hasn’t been exploited, bad actors will probably figure out how to leverage it on unpatched systems,” a SentinelOne report explained. “Additionally, since the vulnerability is present in all Windows Defender versions starting from around 2009, it’s likely that numerous users will fail to apply the patch, leaving them exposed to future attacks.”

Windows users who are not sure whether their version of Microsoft Defender is protected against the newly disclosed vulnerability can check for updates manually.
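As an added example (not code from the article, SentinelOne or Microsoft), the following PowerShell snippet reads the local Defender engine and platform versions and flags them if they are older than a minimum you supply. It assumes a Windows 10 host with the built-in Defender PowerShell module; the two minimum version strings are placeholders to be filled in from Microsoft's advisory for CVE-2021-24092.

```powershell
# Added example: report the installed Microsoft Defender engine and platform
# versions and flag them when they fall below a required minimum.
# PLACEHOLDERS: replace both values with the fixed versions named in
# Microsoft's advisory for CVE-2021-24092 before relying on the result.
$MinEngineVersion   = [version]'0.0.0.0'   # PLACEHOLDER: patched AM engine version
$MinPlatformVersion = [version]'0.0.0.0'   # PLACEHOLDER: patched AM platform version

function Get-DefenderPatchStatus {
    param(
        [version]$MinEngine   = $MinEngineVersion,
        [version]$MinPlatform = $MinPlatformVersion
    )
    # Get-MpComputerStatus is the built-in Defender cmdlet (Windows 8.1/10 and later).
    $status = Get-MpComputerStatus -ErrorAction Stop

    $engine   = [version]$status.AMEngineVersion    # anti-malware engine (mpengine.dll)
    $platform = [version]$status.AMProductVersion   # anti-malware platform/client

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        EngineVersion    = $engine
        PlatformVersion  = $platform
        EngineOutdated   = ($engine   -lt $MinEngine)
        PlatformOutdated = ($platform -lt $MinPlatform)
        SignaturesUpdated = $status.AntivirusSignatureLastUpdated
    }
}

$result = Get-DefenderPatchStatus
$result | Format-List

if ($result.EngineOutdated) {
    Write-Warning "Defender engine is below the required version; requesting an update."
    # Engine updates are delivered with the definition package, so this refresh
    # is usually enough for an engine fix. Run from an elevated prompt.
    Update-MpSignature -ErrorAction Stop
    Get-DefenderPatchStatus | Format-List
}
if ($result.PlatformOutdated) {
    # Platform updates arrive through Windows Update rather than the definition channel.
    Write-Warning "Defender platform is below the required version; install pending Windows Updates."
}
```

On Windows 7 the Defender PowerShell module is not available, so the version has to be read from the Defender or Security Essentials user interface instead.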

Via Bleeping Computer

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.