Microsoft Defender: may download malware

A recent update to Microsoft Defender for Windows 10 allows malware and other infected files to be downloaded to a Windows computer.

Existing operating system files can be used for malicious purposes such as live-off-the-land or LOLBIN binaries.

Following a recent update Microsoft Defender, the MpCmdRun.exe command-line tool can be used to download malicious files from a remote .

So Microsoft Defender is now part of the long list of Windows programs that can be used by hackers.

Microsoft Defender can be used as LOLBIN

Discovered by the security researcher Mohammad Askar. The recent Microsoft Defender command line tool update includes a new definition for the -DownloadFile command line.

This feature allows a local user to use the Microsoft Antimalware Service Line (MpCmdRun.exe) to download a file from a remote location by running the following command:

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

In tests conducted by iguru.gr, this feature was added to Microsoft Defender in 4.18.2007.9 or 4.18.2009.9.

The good news is that Microsoft Defender will detect malicious files that will be downloaded with MpCmdRun.exe.

With this discovery, administrators now have an additional Windows executable program that they need to watch to avoid being used against them.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).