Critical bug in Windows’ antivirus software found after going unnoticed for 12 years


12 years a bug: cybersecurity researchers found a long-unnoticed flaw in Windows’ antivirus software, which the company claims hasn't been noticed or exploited yet. — AP

Cybersecurity researchers found a bug in Windows’ antivirus software that’s gone undetected for at least 12 years.

Cybersecurity firm SentinelOne’s researchers discovered a flaw in Microsoft Defender last November, which the software giant addressed in a patch on Feb 9.

Tech portal Ars Technica reported that both the cybersecurity firm and Microsoft found no evidence that the flaw had been exploited yet, and that users who have auto-updates activated should be protected.

The flaw could have been a widespread tool for hackers due to how it was loaded on Windows by default and therefore present on millions of computers and servers. It was also highly trusted by the operating system.

The researchers explained the flaw might have stayed hidden as the vulnerable driver wasn’t stored in a computer’s hard drive full time, instead being loaded by Microsoft Defender only when needed and deleted after.

SentinelOne senior security researcher Kasif Dekel said this was not common behaviour and could potentially exist in other products too.

The firm withheld specifics on how the attackers could leverage the flaw in order to give Microsoft's customers time to patch their systems.

Ars Technica noted that with the findings being made public, it was only a matter of time before hackers figured out how to exploit it.

Microsoft rated the vulnerability as a high risk, though it noted that the vulnerability can only be exploited by an attacker that already has access, either remote or physical, to the target device.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3
   

Did you find this article insightful?

Yes
No

67% readers found this article insightful

Next In Tech News

YouTube cancels Myanmar military-run channels, pulls videos
Blockchain firm Ripple sees no fallout in Asia Pacific from SEC lawsuit
Yoodo adds free 10GB extra data to most of its mobile plans
Top Toshiba shareholder gets further support for proposed investigation
China deals fresh blow to tech giants in reach for data
SpaceX: more risks, better rockets?
Analysis: Wealth managers frustrated over bitcoin, anxious for piece of the action
WhatsApp rolls out video and voice calls to desktop users
Apple probed by UK as App Store payments scrutiny mounts
Germany faces tough questions as nuclear exit nears

Stories You'll Enjoy


Vouchers