Microsoft Defender: may download malware

A recent update to Windows 10's Microsoft Defender allows malware and other infected files to be downloaded to a Windows computer.

Existing operating system files can be used for malicious purposes; such files are known as living-off-the-land binaries, or LOLBINs.

Following a recent update to Microsoft Defender, the command-line tool MpCmdRun.exe can be used to download malicious files from a remote location.

So Microsoft Defender is now part of the long list of Windows programs that can be used by hackers.

Microsoft Defender can be used as a LOLBIN

As discovered by security researcher Mohammad Askar, the recent update to Microsoft Defender's command-line tool adds a new -DownloadFile command-line argument.

This feature allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location by running the following command:

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

According to tests conducted by iguru.gr, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.

The good news is that Microsoft Defender still detects malicious files that are downloaded with MpCmdRun.exe.

With this discovery, administrators now have one more Windows executable that they need to monitor so that it is not used against them.
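
One way to do that monitoring, shown as an added example that is not from the original article or from Microsoft: the script below scans process-creation command lines (such as those recorded by Windows event 4688 or Sysmon event 1) for MpCmdRun.exe run with -DownloadFile and extracts the URL and save path. The function names and the sample command lines are constructed for illustration.

```python
import re
from typing import Optional

# Split a Windows command line into tokens, keeping quoted values together.
TOKEN = re.compile(r'"[^"]*"|\S+')
IMAGE_NAMES = {"mpcmdrun.exe", "mpcmdrun"}

def find_defender_download(cmdline: str) -> Optional[dict]:
    """Return {'url', 'path'} if cmdline runs MpCmdRun with -DownloadFile, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    # Everything before the first switch belongs to the image path
    # (an unquoted path containing spaces splits into several tokens).
    first = next((i for i, t in enumerate(tokens) if t.startswith("-")), len(tokens))
    image_ok = any(re.split(r"[\\/]", t)[-1].lower() in IMAGE_NAMES for t in tokens[:first])
    args = tokens[first:]
    if not image_ok or "-downloadfile" not in (a.lower() for a in args):
        return None
    # Switch order and letter case vary, so pair each switch with the token after it.
    found = {"url": None, "path": None}
    for switch, value in zip(args, args[1:]):
        key = switch.lower()[1:]
        if switch.startswith("-") and key in found:
            found[key] = value
    return found

# Constructed sample command lines, as a process-creation log would record them.
SAMPLE_EVENTS = [
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -DownloadFile -url https://example.invalid/a.bin -path C:\Users\Public\a.bin',
    r'mpcmdrun.exe -downloadfile -path "C:\Temp\my file.dat" -url http://example.invalid/x',
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1',
    r'powershell.exe -Command "Get-Help MpCmdRun.exe -DownloadFile"',
]

def scan(events):
    """Return (event_number, details) for every command line that matches."""
    hits = []
    for n, line in enumerate(events, 1):
        details = find_defender_download(line)
        if details:
            hits.append((n, details))
    return hits

if __name__ == "__main__":
    for n, d in scan(SAMPLE_EVENTS):
        print(f"event {n}: MpCmdRun download url={d['url']} path={d['path']}")
```

Matching on the image name alone misses a renamed copy of the binary, so where the log source records the original file name from the executable's version resource, check that field as well.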


Written by Anastasis Vasileiadis
