Forget what we said before…. Hackers Exploit a Weakness Affecting the Microsoft Defender Application on Windows to Learn Unscanned Sites to Install There malicious software.
The vulnerability has been around for at least eight years, according to some users, and affects Windows 10 from version 21H1 to 21H2.
Όπως κάθε εφαρμογή προστασίας, το Microsoft Defender επιτρέπει στους χρήστες να προσθέτουν τοποθεσίες (τοπικές ή στο network) στα συστήματά τους που θέλουν να εξαιρεθούν από σαρώσεις κακόβουλου λογισμικού.
So there are many who add exceptions to antivirus that make it easier for other applications that are incorrectly detected as malware.
Βέβαια η λίστα των εξαιρέσεων σάρωσης διαφέρει από τον ένα χρήστη στον άλλο, Οι information αυτές είναι πολύ χρήσιμες για κάποιον εισβολέα, καθώς γνωρίζει που μπορεί να αποθηκεύσει το κακόβουλο λογισμικό για μην εντοπιστεί.
The researchers security so they discovered that the list of sites excluded from Microsoft Defender scanning is not protected and any local user can access it.
Local users can ask the registry questions and learn the paths that Microsoft Defender is not allowed to check for malware or dangerous files, and they do not even need administrator privileges.
Antonio Cocomazzi, a security researcher at SentinelOne, reports on the Bleepingcomputer. that there is no protection for this information, which should be considered sensitive, and that executing the "reg query" command reveals all instructions received by Microsoft Defender to scan files, folders, extensions, or processes.
Windows Defender av allows Everyone to read the configured exclusions on the system 🤦
reg query "HKLMSOFTWAREMicrosoftWindows DefenderExclusions" / s pic.twitter.com/dpTFwMVRje
- Antonio Cocomazzi (@splinter_code) -
Another researcher, Nathan McNulty, confirmed that the problem exists in versions 21H1 and 21H2 of Windows 10, but does not affect Windows 11.
Finally, for those configuring Defender AV on servers, be aware that there are automatic exclusions that get enabled when specific roles or features are installed
They do not cover non-default install locations, and you should review the list here:https://t.co/StYXMmfs8T
- Nathan McNulty (@NathanMcNulty) -
McNulty also confirmed that one can obtain the list of exceptions from the registry with entries that store the settings political group. This information is very sensitive as it provides exceptions for many computers.
