Cybersecurity researchers found a bug in Windows’ antivirus software that’s gone undetected for at least 12 years.
Cybersecurity firm SentinelOne’s researchers discovered a flaw in Microsoft Defender last November, which the software giant addressed in a patch on Feb 9.
Tech portal Ars Technica reported that both the cybersecurity firm and Microsoft found no evidence that the flaw had been exploited yet, and that users who have auto-updates activated should be protected.
The flaw could have been a widespread tool for hackers because Microsoft Defender is loaded on Windows by default and is therefore present on millions of computers and servers. It is also highly trusted by the operating system.
The researchers explained that the flaw might have stayed hidden because the vulnerable driver wasn’t stored on a computer’s hard drive full time; instead, Microsoft Defender loaded it only when needed and deleted it afterwards.
SentinelOne senior security researcher Kasif Dekel said this was not common behaviour and could potentially exist in other products too.
The firm withheld specifics on how attackers could leverage the flaw in order to give Microsoft’s customers time to patch their systems.
Ars Technica noted that with the findings being made public, it was only a matter of time before hackers figured out how to exploit it.
Microsoft rated the vulnerability as high risk, though it noted that the vulnerability can only be exploited by an attacker who already has access, either remote or physical, to the target device.