0DAY releases exploit for Microsoft Defender

Microsoft Defender Antivirus is designed to serve as a first line of defense for countless Windows systems, protecting computers from malware. However, according to a recent revelation, Windows' native security tool may not be all that effective — and Microsoft doesn't seem to care.

A security researcher known as Chaotic Eclipse recently disclosed a vulnerability called “Red Sun” that affects Microsoft Defender Antivirus. The researcher criticized Microsoft’s handling of the issue, explaining that the proof-of-concept code (PoC) can be used to bypass Defender protections.

The researcher also reported that malicious users have already started trying to exploit the problem.

The Red Sun flaw is said to stem from an unusual behavior in Defender when handling potentially malicious files marked with the “cloud” tag. According to the researcher, the antivirus can, under certain circumstances, restore or rewrite such files to their original location on disk. The PoC shows how this behavior could be abused to overwrite system files and potentially escalate privileges.

Earlier this month, the same researcher uncovered another zero-day exploit, called BlueHammer. He reported it to Microsoft's Security Response Center, but the company did not classify the flaw as a significant security issue, prompting him to publish his proof-of-concept code.

In one recent post about Red Sun, Chaotic Eclipse reported that his relationship with the MSRC team has further deteriorated. He claims that Microsoft developers are now actively targeting him and engaging in “childish” behavior intended to undermine him.

“It was so bad that at some point I wondered if I was dealing with a huge corporation or someone who just enjoys watching me suffer, but it seems to be a collective decision,” the researcher says.
