Windows Defender exposed to significant risk vulnerability Microsoft adv…

Microsoft Defender (formerly known as Windows Defender, renamed in 2020), the anti-virus software built into Microsoft Windows operating systems, had a major security vulnerability in its driver BTR.sys that went undiscovered for 12 years. According to a new report from Wired, researchers at the security vendor SentinelOne discovered the flaw last November.

After Microsoft was notified, the vulnerability was patched in the routine Windows security update released on the 9th and rated “high risk”. Fortunately, no signs of the vulnerability being exploited have been found so far.

To keep your device secure, Windows users are advised to check the Windows Update history to confirm the system is on the latest version. To do this, click the “Start” button, open “Settings”, go to the “Update & Security” section, click “Windows Update”, and then click “Review Update History”. A device that has installed the security patches released on 2/9, or that has “Automatic Updates” turned on, is protected.

Wired quoted security researchers as saying that Defender automatically loads the BTR.sys driver when it detects that a suspicious malicious program has invaded the computer. The driver deletes the original malicious program and its registry entries, and creates a new log file, containing control codes, to record its deletion actions during remediation. The vulnerability lies in that file creation step, which performs no verification of the target path. If someone takes advantage of this and plants a symbolic link there, the driver can be made to overwrite any specified file; without obtaining administrator privileges, an attacker could then delete files or data on the device, or even remotely execute malicious code to launch an attack.
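To make the class of bug concrete from the defender's side, here is an added example that is not code from the article, from SentinelOne, or from the BTR.sys driver itself. It is a small Python/POSIX model of the two ways a remediation tool can create its log file: a naive open() that follows whatever sits at the path, and a hardened version using the O_CREAT|O_EXCL and O_NOFOLLOW flags (assumptions chosen for this illustration) so that a link planted at the log path becomes an error instead of a redirected write. The scenario, file names and contents are all constructed for the demo and run in a scratch directory.

```python
import os
import tempfile


def naive_write_log(log_path: str, data: bytes) -> None:
    """Unsafe pattern: a plain open() follows whatever is at log_path,
    so a link planted there silently redirects the write elsewhere."""
    with open(log_path, "wb") as f:
        f.write(data)


def safe_write_log(log_path: str, data: bytes) -> None:
    """Hardened pattern: create the log only if nothing exists at the path
    yet (O_CREAT|O_EXCL) and never follow a link (O_NOFOLLOW). Either
    condition turns a planted link into an OSError rather than a redirect."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)  # flag is not present on every platform
    fd = os.open(log_path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: 'protected.txt' stands in for a file the remover
    must never touch; 'log.txt' is where the remover expects to create its
    log, but a symbolic link to protected.txt was planted there beforehand."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.txt")
        with open(protected, "wb") as f:
            f.write(b"original contents")

        log_path = os.path.join(d, "log.txt")
        os.symlink(protected, log_path)  # the planted link

        # Hardened creation refuses the planted link; protected.txt survives.
        try:
            safe_write_log(log_path, b"remover log")
            safe_refused = False
        except OSError:
            safe_refused = True
        with open(protected, "rb") as f:
            after_safe = f.read()

        # Hardened creation still works on a genuinely fresh path.
        fresh = os.path.join(d, "fresh-log.txt")
        safe_write_log(fresh, b"remover log")
        with open(fresh, "rb") as f:
            fresh_contents = f.read()

        # Naive creation follows the link and clobbers protected.txt.
        naive_write_log(log_path, b"remover log")
        with open(protected, "rb") as f:
            after_naive = f.read()

        return {
            "safe_refused": safe_refused,
            "after_safe": after_safe,
            "fresh_contents": fresh_contents,
            "after_naive": after_naive,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The same design rule applies to a Windows driver or service writing into a location that a lower-privileged user can influence: open the target without following reparse points (on Win32, FILE_FLAG_OPEN_REPARSE_POINT, then reject anything that turns out to be a reparse point) and fail closed when the path already exists, rather than trusting that the log path still names a plain file. Monitoring for unexpected links appearing in directories that privileged remediation tools write to is a useful detection complement to the patch.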