author: Bart Swiatek
Security Gap in Windows Defender Allows for Downloading Viruses From the Web
The Microsoft Defender antivirus program - formerly Windows Defender - received a feature in July that can be used by the user to download viruses from the web. The vulnerability is not dangerous for most computer users, but in some situations it can be used to infect the system with malware.
IN A NUTSHELL:
- The new feature in Microsoft Defender, introduced in the July update, allows the user to download a virus to their computer;
- The vulnerability is not a threat to the average user, but can be exploited by a hacker who has access to the computer.
The antivirus program Microsoft Defender (formerly Windows Defender) received an update in July, marked 4.18.2007.8. It introduced the Service Command Line Utility (process called MpCmdRun.exe), which offers, among other things, the ability to download files via the command line tool. As Twitter expert Mohammad Askar describes on Twitter, the function enables users to download viruses to their computer.
It is worth noting that Service Command Line Utility is unlikely to pose a threat to the average Windows user, because downloading viruses using this method requires some knowledge and certain actions. However, this is probably not a use intended by Microsoft Defender programmers. In theory, a hacker who has access to a computer can use the program to carry out a LOLBin attack ("Living off the Land Binary", which refers to situations where a non malicious application is used to crack security).
It should be noted that files downloaded using the method discovered by Mohammad Askar are scanned by Microsoft Defender and caught as harmful, but this does not change the fact that it is a kind of security gap that can be used for bad purposes in certain situations (you can imagine, for example, a scenario in which someone hires in some company for a short time just to break its security - or simply does this to the boss in anger because they received a reprimand or were fired).