Hackers take advantage of Microsoft Defender's 8-year-old weakness to bypass the virus detection system
Like any other antivirus, Microsoft Defender allows users to add exclusions (locally or on a network) on their system. When scanning for viruses, Microsoft Defender will ignore these excluded areas and folders.
Often users will create exclusion zones to prevent anti-virus software from affecting the functionality of a genuine application that is mistakenly detected as a virus.
Security researchers discovered that the list of locations excluded from Microsoft Defender's scanning was not protected at all. This results in any local user being able to access this list.
Regardless of permissions, users can access the Registry and find a list of locations excluded from the scan. The hacker will then plant the virus in those excluded locations and execute the malicious code without fear of detection.
Because the directory listings and exclusions are different for each user, there is no universal way to determine this for all computers. This also makes it easier for hackers to hide their behavior.
The news site BleepingComputer has conducted testing to confirm the problem. Testing showed that a ransomware executed from an excluded folder was able to run and encrypt the entire computer without any hindrance or warning from Microsoft Defender.
A security consultant discovered this problem 8 years ago and realized the advantages it brought to hackers.
Due to the long time of existence, and Microsoft has not taken action to patch the error, users and administrators should actively protect themselves by correctly configuring the exclusion area on the server and local machine via group policies.
You should read it
- Microsoft Defender ATP will be available on iOS and Android later this year
- Instructions for using Windows Defender
- Compare Microsoft Defender and Bitdefender
- Microsoft Defender for Endpoint encountered an error that could not be started on Windows Server
- Windows Defender is disabled or inactive, this is a fix
- 3 ways to scan Windows 10 system-wide viruses with Microsoft Defender
- How to fix errors cannot open Windows Defender on Windows 7/8/10
- Use Windows Defender with Command Prompt on Windows 10
- Microsoft Defender for Business launched, mainly aimed at the small and medium business community
- Shadow Defender - Download Shadow Defender here
- How to use Windows Defender to scan programs that do not want PUP?
- Fix Microsoft Defender 0x80073b01 on Windows 10
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!