Microsoft finally patches Windows Defender bug after more than a decade

Vulnerability affects devices going back to Windows 7


Microsoft has finally patched a security flaw affecting its Microsoft Defender antivirus program (formerly Windows Defender) that has remained undetected for 12 years. The flaw, tracked as CVE-2021-24092, affects devices old enough to still be running Windows 7, all the way up to newer Windows 10 models.

The vulnerability allows threat actors to carry out a privilege escalation attack that could lead to malicious code being inserted into Microsoft Defender system files. The bug, which was discovered by security researchers SentinelOne late last year, works by taking advantage of the fact that Defender replaces deleted malicious files with benign placeholder ones. However, as the system doesn’t specifically verify these new files, attackers could create a link system that forces Defender to delete the wrong files or run malicious ones.

The length of time that this vulnerability has been present is obviously of concern. Just looking at Windows 10 devices, Microsoft claims that there are more than 1 billion of its products running Defender as their default anti-malware solution.

Out in the open

Fortunately, despite its long history, there does not appear to be any evidence of this vulnerability being exploited in the wild. However, now that the exploit has been formally revealed, it is possible that threat actors will attempt to weaponize it. Businesses with patch management software installed are unlikely to forget to download Microsoft’s new security update, but it is more likely to be ignored by consumers running older operating systems.

“Of course, while it seems like the vulnerability hasn’t been exploited, bad actors will probably figure out how to leverage it on unpatched systems,” a SentinelOne report explained. “Additionally, since the vulnerability is present in all Windows Defender versions starting from around 2009, it’s likely that numerous users will fail to apply the patch, leaving them exposed to future attacks.”

Windows users can manually check for updates if they are not sure if their version of Microsoft Defender is protected against the newly discovered vulnerability.

Via Bleeping Computer


Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
