Karlston Posted September 5, 2020

Windows Defender’s new feature worry security researchers

Windows Defender has added a new feature and security researchers are not too happy, as it has increased the attack surface of Windows.

Version 4.18.2007.9 or 4.18.2009.9 of the app has added the ability to download files via the command line using the app, e.g.

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

… can now be used to download a binary from the internet.

While not an exploit in itself, the feature allows a script which can launch the command line to import further files from the internet using native so-called living-off-the-land binaries or LOLBINs.

Adding the feature to Windows Defender means there is another app admins have to keep an eye on and another app which hackers can exploit.

Fortunately, Windows Defender does still scan the apps it downloads, but this is of course not infallible.

The new “feature” was discovered by security researcher Mohammad Askar and verified by BleepingComputer.
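An added example, not part of the original posts: one way admins could keep an eye on this feature is to flag process-creation events in which MpCmdRun.exe is started with -DownloadFile, and record the URL, destination path and parent process. The event field names (Image, ParentImage, CommandLine, modelled on Sysmon process-creation records) and every sample event below are constructed assumptions.

```python
import ntpath
import re

# Constructed process-creation events; field names are an assumption modelled
# on Sysmon process-creation records (Image, ParentImage, CommandLine).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"MpCmdRun.exe -DownloadFile -url https://example.test/a.bin "
                    r"-path C:\Users\Public\a.bin"},
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Program Files\Windows Defender\mpcmdrun.exe" -downloadfile '
                    r'-URL "https://example.test/b c.bin" -PATH "C:\Temp\b c.bin"'},
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "MpCmdRun.exe -Scan -ScanType 1"},      # ordinary scan, not a download
    {"Image": r"C:\Tools\notes.exe",                        # different binary, same string
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notes.exe how-to-use -DownloadFile"},
]

# A token is either a double-quoted run (may contain spaces) or a run of non-spaces.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_download(event):
    """Return url/path/parent for an MpCmdRun -DownloadFile launch, else None."""
    if ntpath.basename(event.get("Image", "")).lower() != "mpcmdrun.exe":
        return None
    tokens = [t.strip('"') for t in TOKEN.findall(event.get("CommandLine", ""))]
    switches = [t.lower() for t in tokens]  # switch names compared case-insensitively
    if "-downloadfile" not in switches:
        return None

    def value_after(name):
        # The argument is the token that follows the switch, if there is one.
        idx = switches.index(name) + 1 if name in switches else len(tokens)
        return tokens[idx] if idx < len(tokens) else None

    return {"url": value_after("-url"), "path": value_after("-path"),
            "parent": ntpath.basename(event.get("ParentImage", ""))}


def find_downloads(events):
    """Collect every download launch found in a list of event dicts."""
    return [hit for hit in map(parse_download, events) if hit]
```

The parent process is kept in each hit because a script host or shell launching the download is the pattern the post describes.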
Nastrahl Posted September 6, 2020

Seriously, this is all about clickbaiting (the original article that worries researchers, not the post here), and it's more of a shame since it comes from researchers who only reveal here that they don't understand at all.
Karlston Posted September 7, 2020

Microsoft denies Windows Defender’s new feature is a security risk

We reported two days ago that Windows Defender has added the ability to download files via the command line using the app, e.g.

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

Security researchers expressed concern that the new feature increased Windows 10’s attack surface and could be used to download malicious binaries.

Microsoft has now responded to the concern with a statement, saying:

“Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature.”

Microsoft also said the feature could not be used for privilege escalation.

While Microsoft denies the feature is a security risk, it is well known that the greater the attack surface the less secure a system is, and some users have complained that they are unable to lock down their PCs by disabling the new feature.

via Forbes, WindowsLatest
RejZoR Posted September 8, 2020

Lol, feature offered by literally all antiviruses 20 years ago. It's a commandline scanner used for download managers and P2P software. It's not a security flaw or hole, it's literally a feature. What's surprising is that security "researcher" is not aware of such a thing. Too young maybe? Lol, I feel like grandpa now XD
Archived
This topic is now archived and is closed to further replies.