A Microsoft Defender vulnerability has been around for 12 years ... and Windows 7 users will continue to be exposed to it

Microsoft has announced that it has fixed a vulnerability in Windows Defender / Microsoft Defender that allowed potential attackers to obtain administrator permissions on Windows systems.

What distinguishes this vulnerability (known as CVE-2021-24092) is that it had been present since 2009, no less, thus affecting versions of Windows (both client and server) from Windows 7 onward.

CVE-2021-24092 does not only affect Microsoft's antivirus (installed, remember, by default in Windows), but also the company's other security products that make use of the Malware Protection Engine: Microsoft Endpoint Protection, Microsoft Security Essentials, etc.

An unexploited vulnerability ... until now

Specifically, the vulnerability resided in a driver named BTR.sys (acronym for Boot Time Removal Tool), used by Windows during the process of repairing the file system and/or registry entries after detecting malware on a computer.

And that is precisely what explains why this vulnerability went undetected for so long.

According to a report published yesterday by SentinelOne (the company that located the vulnerability in November last year and reported it to Microsoft):

"Before being corrected, the vulnerability remained hidden for 12 years, possibly due to the nature of the specific mechanism that enables it to be activated:

[...] the driver is not normally present on the hard drive, but is activated when necessary (with a random name) and then removed."

Redmond states that the security update will install automatically on systems running vulnerable versions of Defender, as long as automatic updates are enabled.

Nevertheless, Windows 7 users, who no longer have official support from the company, will remain exposed to this security hole. And, as SentinelOne explains,

"Although it appears that the vulnerability has not been exploited, malicious actors will likely figure out how to exploit it on unpatched systems."

Via | Bleeping Computer
