Researchers at SentinelOne have discovered a 12-year-old bug in Microsoft’s Defender software, which is meant to safeguard users’ systems. The bug lies in a driver and would allow a hacker with any type of access to escalate privileges and execute malicious code remotely. Microsoft has patched it after it was reported.
Microsoft Defender Vulnerability
Hackers routinely exploit vulnerabilities in even obscure services, yet this bug (CVE-2021-24092) sat in world-renowned software, Microsoft Windows, for over 12 years without anyone knowing about it until now. It could have created a wave of attacks if hackers had discovered it earlier than the SentinelOne researchers.
The report published by SentinelOne details an old bug in Windows Defender, now renamed Microsoft Defender. It was found in a driver, and could have let an attacker take over the target system completely. In more detail, the driver in question is used to remove the files and infrastructure created by malware.
During that cleanup, the freed space is filled with a benign placeholder file. The problem, according to the researchers, is that Microsoft Defender doesn’t actually verify the newly placed file, which adversaries can take advantage of.
Hackers can insert strategic system links to make the driver overwrite the new file and replace it with a malicious one, or even run their own code. SentinelOne reported this to Microsoft in mid-November last year, and the maker of Windows has patched it in the Tuesday update rolled out this week.
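The missing check described above, shown as an added example that is not taken from SentinelOne's report or from Microsoft's code: a POSIX C analogue (the real driver is a Windows kernel component) in which a cleanup routine recreates a placeholder file, once following whatever link sits at the path and once refusing to. The function names, file names and the symlink scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Naive: recreate the placeholder without checking what now sits at `path`.
 * open() follows a link there and truncates whatever it points to. */
int write_placeholder_naive(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, "placeholder", 11);
    close(fd);
    return n == 11 ? 0 : -1;
}

/* Hardened: O_EXCL makes creation fail if anything, a link included, already
 * exists at `path`; O_NOFOLLOW refuses a symlink in the last component. */
int write_placeholder_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1; /* fail closed: nothing is written anywhere */
    ssize_t n = write(fd, "placeholder", 11);
    close(fd);
    return n == 11 ? 0 : -1;
}

/* Constructed scenario: in a temp dir, `placeholder` is a symlink to `protected`.
 * Returns 1 if `protected` survives the writer, 0 if overwritten, -1 on setup error. */
int protected_survives(int (*writer)(const char *)) {
    char dir[] = "/tmp/linkdemoXXXXXX", prot[64], lnk[64], buf[32];
    if (!mkdtemp(dir)) return -1;
    snprintf(prot, sizeof prot, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/placeholder", dir);
    FILE *f = fopen(prot, "w");
    if (!f || fputs("original", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(prot, lnk) != 0) return -1;
    writer(lnk); /* the writer believes it is creating a fresh file */
    f = fopen(prot, "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    unlink(lnk); unlink(prot); rmdir(dir);
    return strcmp(buf, "original") == 0;
}

int main(void) {
    printf("naive: protected intact = %d\n", protected_survives(write_placeholder_naive));
    printf("safe:  protected intact = %d\n", protected_survives(write_placeholder_safe));
}
```

The hardened writer treats an unexpected object at the path as an error instead of writing through it, which is the verification the article says was missing.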
Both Microsoft and SentinelOne said they found no incidents in which attackers discovered the bug before them and exploited it. Users who have installed the Tuesday cumulative update are now safe.