Windows Defender’s new feature worries security researchers

by Surur
September 4, 2020


Windows Defender has added a new feature and security researchers are not too happy, as it has increased the attack surface of Windows.

Version 4.18.2007.9 or 4.18.2009.9 of the app has added the ability to download files from the command line, e.g.

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

… can now be used to download a binary from the internet.

While not an exploit in itself, the feature allows a script that can launch the command line to import further files from the internet using a native binary, a so-called living-off-the-land binary or LOLBIN.

Adding the feature to Windows Defender means there is another app admins have to keep an eye on and another app which hackers can exploit.
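For admins who want to keep an eye on this, the check below is an added example, not code from the article or from Microsoft: it flags process-creation events where MpCmdRun.exe is run with -DownloadFile and extracts the URL and save path for triage. The event records are constructed, the Image and CommandLine field names follow Sysmon Event ID 1, and the function names and case-insensitive switch matching are assumptions.

```python
import ntpath
import shlex

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": r"MpCmdRun.exe -Scan -ScanType 1"},
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": r'"MpCmdRun.exe" -downloadfile -URL https://example.test/a.bin '
                    r'-Path "C:\Users\Public\a.bin"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo -DownloadFile"},
]

def tokens(cmdline):
    """Split a Windows command line into arguments, keeping backslashes intact."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:              # unbalanced quote: fall back to whitespace split
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def value_of(args, switch):
    """Return the argument following `switch` (case-insensitive), or None."""
    lowered = [a.lower() for a in args]
    if switch not in lowered:
        return None
    i = lowered.index(switch)
    return args[i + 1] if i + 1 < len(args) else None

def find_defender_downloads(events):
    """Return one finding per MpCmdRun.exe execution that uses -DownloadFile."""
    findings = []
    for ev in events:
        # Match on the executed image, not on the string appearing somewhere in arguments.
        if ntpath.basename(ev.get("Image", "")).lower() != "mpcmdrun.exe":
            continue
        args = tokens(ev.get("CommandLine", ""))
        if "-downloadfile" not in (a.lower() for a in args):
            continue
        findings.append({"image": ev["Image"],
                         "url": value_of(args, "-url"),
                         "path": value_of(args, "-path")})
    return findings

if __name__ == "__main__":
    for hit in find_defender_downloads(SAMPLE_EVENTS):
        print(hit)
```

Each finding gives the destination URL and the save path, which are the two values to check against proxy logs and the file system.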

Fortunately, Windows Defender does still scan the apps it downloads, but this is of course not infallible.

The new “feature” was discovered by security researcher Mohammad Askar and verified by BleepingComputer.
