A vulnerability in Windows Defender went unnoticed for 12 years

Joe White

Joe White

Posts: 69   +0
Facepalm: A critical bug in Windows Defender went undetected by both attackers and defenders for some 12 years, before finally being patched last fall. The vulnerability in Microsoft’s built-in antivirus software could have allowed hackers to overwrite files or execute malicious code—if the bug had been found.

Let’s be clear—12 years is a long time when it comes to the lifecycle of a mainstream operating system, and it’s a heck of a long time for such a critical vulnerability to hide. Part of the reason for this could be because the bug in question doesn’t actively exist on a computer’s storage—instead, it exists in a Windows system called a “dynamic-link library.” Windows Defender only loads this driver when needed, before wiping it off a computer’s disk.

Wired explains, “When the driver removes a malicious file, it replaces it with a new, benign one as a sort of placeholder during remediation. But the researchers discovered that the system doesn't specifically verify that new file. As a result, an attacker could insert strategic system links that direct the driver to overwrite the wrong file or even run malicious code.”

Researchers at security firm SentinelOne discovered and reported the flaw last fall, which was subsequently patched.

Microsoft initially rated the vulnerability as “high,” although it’s worth noting that for an attacker to take advantage of the bug, they’d need access—either physical or remote—to your computer. In all likelihood, this means that additional exploits would probably need to be deployed.

Both Microsoft and SentinelOne also agree that there’s no evidence that the now-patched bug was exploited maliciously. And SentinelOne is keeping the specifics of the vulnerability under their hat in order to prevent hackers from taking advantage of the bug while the patch rolls-out.

A Microsoft spokesperson said that anyone who installed the Feb. 9 patch, either manually or via auto-updates, is protected.

Permalink to story.

https://www.techspot.com/news/88626-vulnerability-windows-defender-went-unnoticed-12-years.html

 
Windows is a joke for the last 6 years. In the meantime, Sir William Gates paints Himself as The Humanity's Savior because 6 years ago He envisioned that a strain of coronavirus that were hitting Earth every few years since 1918 (Spanish flu) will eventually strike back in 2020s. If It wasn't that the last year's strain was a nasty one, He could not make all those interviews that make His celebrity status resurrected. Excellent job, Your Majesty!

Hey, since the population of Earth is growing especially in Asia, and distances between people shrink all the times, and half of developing world still live around both domestic animals and eat wild animals, I envision that one of the next covid strains will kill around twice the people that COVID19 will. When it happens, don't forget who to call for intereview! Of course, I cannot guarantee I'll be available...

Really, MS should spend little more dough on testing.
Eventually They will loose this part of business to competition.
 
Last edited:
  • Like
Reactions: wizardB, Reehahs, 0dium and 1 other person
noel24 said:
Windows is a joke for the last 6 years. In the meantime, Sir William Gates paints Himself as The Humanity's Savior because 6 years ago He envisioned that a strain of coronavirus that were hitting Earth every few years since 1918 (Spanish flu) will eventually strike back in 2020s. If It wasn't that the last year's strain was a nasty one, He could not make all those interviews that make His celebrity status resurrected. Excellent job, Your Majesty!

Hey, since the population of Earth is growing especially in Asia, and distances between people shrink all the times, and half of developing world still live around both domestic animals and eat wild animals, I envision that one of the next covid strains will kill around twice the people that COVID19 will. When it happens, don't forget who to call for intereview! Of course, I cannot guarantee I'll be available...

Really, MS should spend little more dough on testing.
Eventually They will loose this part of business to competition.
Click to expand...
Sir this is a wendys
 
  • Like
Reactions: Linoleum77, bexwhitt, ilovetohateyou and 15 others
noel24 said:
Windows is a joke for the last 6 years. In the meantime, Sir William Gates paints Himself as The Humanity's Savior because 6 years ago He envisioned that a strain of coronavirus that were hitting Earth every few years since 1918 (Spanish flu) will eventually strike back in 2020s. If It wasn't that the last year's strain was a nasty one, He could not make all those interviews that make His celebrity status resurrected. Excellent job, Your Majesty!

Hey, since the population of Earth is growing especially in Asia, and distances between people shrink all the times, and half of developing world still live around both domestic animals and eat wild animals, I envision that one of the next covid strains will kill around twice the people that COVID19 will. When it happens, don't forget who to call for intereview! Of course, I cannot guarantee I'll be available...

Really, MS should spend little more dough on testing.
Eventually They will loose this part of business to competition.
Click to expand...

Gates had nothing to do with this,also an undocumented unknown exploit fixed a year ago hardly seems damning, new exploits are found in everything, but unlike apple when Microsoft is made aware they fix it instead of saying it's fine our systems are perfect
 
  • Like
Reactions: guillejp, scavengerspc, Burty117 and 2 others
noel24 said:
Windows is a joke for the last 6 years. In the meantime, Sir William Gates paints Himself as The Humanity's Savior because 6 years ago He envisioned that a strain of coronavirus that were hitting Earth every few years since 1918 (Spanish flu) will eventually strike back in 2020s. If It wasn't that the last year's strain was a nasty one, He could not make all those interviews that make His celebrity status resurrected. Excellent job, Your Majesty!

Hey, since the population of Earth is growing especially in Asia, and distances between people shrink all the times, and half of developing world still live around both domestic animals and eat wild animals, I envision that one of the next covid strains will kill around twice the people that COVID19 will. When it happens, don't forget who to call for intereview! Of course, I cannot guarantee I'll be available...

Really, MS should spend little more dough on testing.
Eventually They will loose this part of business to competition.
Click to expand...
This myth people talk about 'overpopulation' is just as dumb as flat earth theory. The earth can comfortably hold 10 times the current population, the problem is not space, it's our simplistic agricultural practices which waste land and waste of other resources. If all humans on earth where to stand shoulder to shoulder we would fit in manhattan, all 7 billion of us.
 
  • Like
Reactions: CWO6965
Once again, the MS haters come out... There are almost certainly unexploited exploits in EVERY SINGLE OS IN EXISTENCE!!

They get found all the time - get reported - and then get patched. This is true for unix/linux, Windows, MacOS, iOS, Android and all the rest.

That no one saw this one in 12 years clearly means it was pretty tough to find. Windows, by being the most popular OS on PC, gets searched for exploits more than any other.

People love to hate on MS - but they do a pretty good job of securing their OS. People who say "*nix is far more secure" don't know what they're talking about. It's open source, and there are tons of undocumented exploits that hackers use all the time...
 
  • Like
Reactions: CWO6965, Amariami, candle_86 and 4 others
Squid Surprise said:
Once again, the MS haters come out... There are almost certainly unexploited exploits in EVERY SINGLE OS IN EXISTENCE!!

They get found all the time - get reported - and then get patched. This is true for unix/linux, Windows, MacOS, iOS, Android and all the rest.

That no one saw this one in 12 years clearly means it was pretty tough to find. Windows, by being the most popular OS on PC, gets searched for exploits more than any other.

People love to hate on MS - but they do a pretty good job of securing their OS. People who say "*nix is far more secure" don't know what they're talking about. It's open source, and there are tons of undocumented exploits that hackers use all the time...
Click to expand...
Honestly, I can't think of one other software company that would be able to handle a fraction of the exploit attempts that are thrown at MS\Windows every single day.
 
  • Like
Reactions: CWO6965, Reehahs, guillejp and 5 others
It's so funny to see people saying "windows is such a joke" while they dont understand that discovering a vulnerability years later means that it never has been exploited.
(oh and btw the os with the most security breaches every year isnt window (hey apple whats up?)
 
  • Like
Reactions: wizardB and CWO6965
Par for the course. I wonder if there are any hackers out there who are embarrassed that they did not find and exploit this?
 
  • Like
Reactions: CWO6965
I bet some attackers knew about the vulnerability.
Those who ordered it in the first place.
Or... maybe the person who ordered it got fired, took his stuff, and NSA really didn't know about it. LOL.
 
Markoni35 said:
I bet some attackers knew about the vulnerability.
Those who ordered it in the first place.
Or... maybe the person who ordered it got fired, took his stuff, and NSA really didn't know about it. LOL.
Click to expand...
even if they knew of this vulnerability, they would need to access the computer to make it work... at that point he can install pretty much anything.
 
"nobody got fired for buying blue boxes" ..... Its a shame really, I bet almost no one knows what that means... :O
 
The whole reason for MS defender to exist was due to the large large large amount of infected XP, W7 and W8 machines out there.

 
Vanderlinde said:
The whole reason for MS defender to exist was due to the large large large amount of infected XP, W7 and W8 machines out there.
Click to expand...
Defender started out as a firewall and then with Win8 incorporated Microsoft Security Essentials. Defender on WinXP, WinVista, and Win7 did/does not scan for viruses. And when talking about Defender anti-virus abilities, you can not isolate Win10 from Win8.

en.wikipedia.org

Microsoft Security Essentials - Wikipedia

en.wikipedia.org en.wikipedia.org
Microsoft Security Essentials (MSE) is an antivirus software (AV) that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender.
Click to expand...
 
You must log in or register to reply here.

Similar threads

midian182
First-ever Switch modding case in Japan ends with fine and suspended jail time
Replies
6
Views
99
NumberNine
NumberNine
A
Windows Remote Desktop Protocol contains a login backdoor Microsoft refuses to fix
2
Replies
32
Views
253
LimyG
LimyG
A
Old BitLocker vulnerability exploited to bypass encryption on updated Windows 11
Replies
20
Views
527
user478318
user478318

Latest posts

Back