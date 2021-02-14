



Facepalm: A serious bug in Windows Defender was finally patched last fall after going undetected by both attackers and defenders for about 12 years. The vulnerability in Microsoft's built-in antivirus software could have allowed an attacker who found it to overwrite arbitrary files or execute malicious code.

To be clear, 12 years is a long time in terms of mainstream operating system life cycles, and it is also a long time for a vulnerability this critical to stay hidden. Part of the reason may be that the bug in question is not persistently present on the computer's storage, but lives in a Windows component known as a dynamic link library. Windows Defender loads this driver only when it is needed, then erases it from the computer's disk.

According to Wired, when the driver deletes a malicious file, it replaces it with a new, harmless file as a kind of placeholder during remediation. However, the researchers discovered that the driver did not specifically validate that new file. As a result, an attacker could insert a strategically placed system link that directs the driver to overwrite the wrong file or even execute malicious code.

Researchers at the security firm SentinelOne discovered and reported the flaw last fall, after which it was patched.

Microsoft initially rated the vulnerability as high severity, but note that an attacker would need physical or remote access to the computer to exploit the bug, which likely means additional exploits would have to be deployed alongside it.

Both Microsoft and SentinelOne agree that there is no evidence the now-patched bug was ever maliciously exploited. SentinelOne is also withholding the details of the vulnerability to prevent attackers from exploiting the bug while the patch is being rolled out.

A Microsoft spokeswoman said that anyone who installed the February 9 patch, whether manually or automatically, is protected.

