Dangerous Windows Defender Vulnerability Removed After 12 Years

Windows Defender is a security program present by default in Windows 10; some s consider it a simple antivirus. It recently turned out that there was a dangerous vulnerability in it that went unnoticed for 12 years. Both potential attackers and Microsoft were unaware of it. Last fall it was February 9, so we can already talk about it in the past tense.

The vulnerability was related to a DLL (Dynamic-Link Library) file of a driver in Microsoft Defender. When the application deletes a suspicious file, it creates a replacement file - a space filler that replaces the deleted data. The system does not thoroughly the new file, so this creates an opportunity to influence the driver to remove the incorrect file or even execute malicious code (using Defender's permissions). Microsoft marked this threat as "high", so it could be considered significant.

Related:Civilization 7 is not doing well on Steam. Classic maps and big changes aim to reverse the trend

The most interesting thing about this is how such a vulnerability could exist unnoticed for so many years. There are a few possible explanations. First of all, for the vulnerability to be exploited, access to the computer - physical or remote - was required. So someone would first have to exploit another vulnerability, or reach the device they want to attack. The second reason could have been that the vulnerability was poorly visible on the system, as it did not actively exist in memory. This may partially justify the omission of such a threat - it was simply not very "attractive" for cybercriminals.

• SentinelOne - official website
• Most Popular Windows Versions Across the Years

• Microsoft
• security
• patches and updates
• Windows
• antivirus programs
• Windows 10
• Microsoft Defender / Windows Defender
• PC