Facepalm: A critical bug in Windows Defender went unnoticed by both attackers and defenders for about twelve years before finally being patched last fall. The vulnerability in Microsoft’s built-in antivirus software could have enabled hackers to overwrite files or execute malicious code – had the flaw been found.
Let us be clear: 12 years is a long time in the life cycle of an operating system, and it is a very long time for such a critical vulnerability to stay hidden. Part of the reason may be that the flaw in question does not sit permanently in a computer’s storage; instead it lives in a driver, a dynamic-link library that Windows Defender loads only when needed and then wipes from the computer’s disk.
Wired explains: ‘When the driver deletes a malicious file, it replaces it with a new, benign file as a sort of placeholder during recovery. But the researchers discovered that the system did not specifically verify the new file. As a result, an attacker could insert strategic system links that instruct the driver to overwrite the wrong file or even execute malicious code.’
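The pattern Wired describes, a remediation routine that deletes a file and then drops a placeholder at the same path without checking what is now there, is a general file-handling hazard, not something specific to antivirus drivers. The following is an added illustration, not code from the article, from Wired, or from Microsoft or SentinelOne: it contrasts a naive placeholder writer that follows links with a hardened one that refuses to create the placeholder unless the path is empty and never follows a link. The file names, the directory layout and the planted link are constructed for the demo.

```python
import errno
import os
import tempfile


class UnsafePlaceholderPath(Exception):
    """Raised when the placeholder path already exists or is a link."""


def write_placeholder_unchecked(path: str, data: bytes = b"") -> None:
    # The flawed pattern: open() follows links, so if something has planted a
    # link at `path` between the delete and the re-create, the placeholder
    # bytes land in the link's target instead of at `path`.
    with open(path, "wb") as f:
        f.write(data)


def write_placeholder_safe(path: str, data: bytes = b"") -> None:
    # Create the placeholder only if nothing exists at `path` yet (O_EXCL)
    # and never follow a link (O_NOFOLLOW where the platform has it).
    # Any pre-existing entry, including a dangling link, makes the open fail,
    # so the routine cannot be steered onto a different file.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o644)
    except OSError as e:
        if e.errno in (errno.EEXIST, errno.ELOOP):
            raise UnsafePlaceholderPath(path) from e
        raise
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Run both writers against a planted link and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "important.cfg")      # constructed target
        with open(victim, "wb") as f:
            f.write(b"original")
        quarantined = os.path.join(d, "malware.bin")   # constructed path
        # Simulate the window after deletion: a link now occupies the path.
        os.symlink(victim, quarantined)

        write_placeholder_unchecked(quarantined, b"PLACEHOLDER")
        with open(victim, "rb") as f:
            results["unchecked_clobbered_victim"] = f.read() == b"PLACEHOLDER"

        # Restore the target and retry with the hardened writer.
        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            write_placeholder_safe(quarantined, b"PLACEHOLDER")
            results["safe_refused_link"] = False
        except UnsafePlaceholderPath:
            results["safe_refused_link"] = True
        with open(victim, "rb") as f:
            results["victim_intact_after_safe"] = f.read() == b"original"

        # On a genuinely empty path the hardened writer still works.
        fresh = os.path.join(d, "clean.bin")
        write_placeholder_safe(fresh, b"PLACEHOLDER")
        results["safe_ok_on_fresh_path"] = (
            os.path.isfile(fresh) and not os.path.islink(fresh)
        )
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the check and the create must be one atomic operation: a separate "is this a link?" test followed by a normal open leaves the same race window, which is why the hardened version relies on the open flags rather than on a preceding stat.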
Researchers at security firm SentinelOne discovered and reported the flaw last fall.
Microsoft initially rated the vulnerability as ‘high’, though it’s worth noting that an attacker would already need access to your computer to exploit the error. In practice, this likely means another exploit would have to be chained with it.
Both Microsoft and SentinelOne also agree that there is no evidence the now-patched bug has been maliciously exploited. SentinelOne is keeping the details of the vulnerability under its hat to prevent hackers from exploiting the bug while the patch rolls out.
A Microsoft spokesman said everyone who installed the February 9 patch, whether manually or via automatic updates, is protected.