Windows Defender: a bug fixed after 12 years

Microsoft released its regular cumulative update on Tuesday, which includes several security patches. It has now emerged that one of them addresses a vulnerability that has existed in Windows Defender (now known as Microsoft Defender) since 2009, that is, for almost 12 years. The antivirus is included with Windows 10, so it is installed on over a billion devices.

Windows Defender and the vintage vulnerability

The vulnerability was discovered and reported by SentinelOne in November 2020. The bug was in the BTR.sys driver, which Windows Defender uses when deleting files and registry keys created by malware on infected computers. The problem probably stayed hidden for 12 years because this driver does not remain on disk: it is copied there temporarily and subsequently deleted.

The vulnerability was still considered high risk, as it allowed elevation of privileges. An attacker could then obtain administrator rights and perform any operation on the unsuspecting user's computer. Fortunately, the risk was minimal because any attack required access (physical or remote).

The update is installed automatically, but you can also check for it manually. The version of the Microsoft Malware Protection Engine should be at least 1.1.17800.5; earlier versions are vulnerable. Of course, this is not a problem for users who have disabled the antivirus and chosen a third-party solution.
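One way to run the version check described above from PowerShell, as an added example that is not part of the original article or Microsoft's own code. `Get-MpComputerStatus` and its `AMEngineVersion` and `AMServiceEnabled` properties come from the Defender PowerShell module; the helper name `Test-DefenderEngineVersion` and the sample version strings are constructed for illustration.

```powershell
# Minimum fixed Microsoft Malware Protection Engine version, as stated in the article.
$MinimumEngine = [version]'1.1.17800.5'

function Test-DefenderEngineVersion {
    # Hypothetical helper: returns $true when the engine is at or above the fixed version.
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Minimum = $MinimumEngine
    )
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        throw "Unparseable engine version: '$EngineVersion'"
    }
    # [version] compares each field numerically; a plain string comparison
    # would wrongly rank '1.1.9999.0' above '1.1.17800.5'.
    return $parsed -ge $Minimum
}

# Constructed sample values showing the comparison.
foreach ($v in '1.1.17700.4', '1.1.9999.0', '1.1.17800.5', '1.1.18000.1') {
    '{0,-12} patched={1}' -f $v, (Test-DefenderEngineVersion -EngineVersion $v)
}

# Check the local machine.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    if (-not $status.AMServiceEnabled) {
        # Matches the article's case of users running a third-party antivirus.
        'Defender service is not enabled on this machine.'
    } elseif (Test-DefenderEngineVersion -EngineVersion $status.AMEngineVersion) {
        "Engine $($status.AMEngineVersion) is at or above $MinimumEngine."
    } else {
        "Engine $($status.AMEngineVersion) is below $MinimumEngine; install the pending Defender update."
    }
} catch {
    "Could not query Defender status: $($_.Exception.Message)"
}
```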

Source: Bleeping Computer



