A recent update to Microsoft Defender for Windows 10 allows malware and other infected files to be downloaded to a Windows computer.
Existing operating system files can be used for malicious purposes such as live-off-the-land or LOLBIN binaries.
Following a recent update Microsoft Defender, the MpCmdRun.exe command-line tool can be used to download malicious files from a remote location.
So Microsoft Defender is now part of the long list of Windows programs that can be used by hackers.
Microsoft Defender can be used as LOLBIN
Discovered by the security researcher Mohammad Askar. The recent Microsoft Defender command line tool update includes a new definition for the -DownloadFile command line.
This feature allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location by running the following command:
MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
In tests conducted by iguru.gr, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.
The good news is that Microsoft Defender will detect malicious files that will be downloaded with MpCmdRun.exe.
With this discovery, administrators now have an additional Windows executable program that they need to watch to avoid being used against them.