This dangerous Windows Defender security flaw went unnoticed for 12 years, here's how to protect your PC today
In an ironic twist, the bug would allow an attacker to re-infect your PC after Microsoft Defender removed another virus, but there's an easy fix.
Microsoft Defender is one of the most reliable antivirus solutions available today if you use a PC with Windows 10, but that doesn't mean that the software is without flaws. The company recently patched a serious bug in its software that was completely undetected for 12 years, according to a new report.
When Microsoft Defender identifies a piece of malware, it usually puts a harmless one in its place while the clean up occurs. This is presumably to stop any programs from crashing. The security vulnerability was discovered by a security firm called SentinelOne, which found that the bug was located in a driver file the antivirus uses to get rid of malware installed on the PC, according to a report from Ars Technica.
The bug stems from the method in which that file is replaced - Windows Defender didn't check whether the file it placed there was the right one, leaving the door wide open for misuse by another software to manipulate what file was placed. Once in, an attacker could use regular software that runs on a lower level (like a notepad service) to simply bypass all the administrator blocks set in place by Windows and edit the filesystem at a system level.
It is sort of ironic that an antivirus program might end up being the tool used to reinfect a PC after cleaning up one virus. Microsoft has fixed the bug, thankfully, because the software ships with every Windows computer by default. Every single PC that was not protected by some other antivirus would thus be vulnerable to being exploited. SentinelOne reported the issue in November and the company then worked on a fix for the bug.
According to the report, however, not everyone can access the vulnerability to exploit it. An attacker would still need remote or local access to the computer they wanted to target and they would still need to compromise the Windows PC first. Nevertheless, it is good that Windows has patched the issue already - the company says that anyone who has already updated to the February 9 patch update is already protected. If you haven't yet, now would be a good time to hit the update button, or better still, enable automatic updates instead.