12-year-old Windows Defender vulnerability put 1 billion devices at risk

Windows Defender is an anti-malware component that comes preinstalled on all Windows devices.

A vulnerability in Windows Defender could let attackers carry out sophisticated attacks by allowing escalation of privileges. The vulnerability was present in all Windows devices for the past 12 years. It went unnoticed for so long because of the very specific nature of the mechanism required to activate it.

The driver involved takes care of any malicious system and registry files created from kernel mode. For this purpose, the driver maintains a log of all the operations done by a specific file by creating a handle on it. An attacker can create a link at “C:\Windows\Temp\BootClean.log”, which can potentially enable them to overwrite arbitrary files.
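A defender can check whether the log path described above has been turned into a link. The following is an added example, not code from the original page or from Microsoft; the function name `audit_log_path` and the finding labels `link` and `hardlink` are assumptions made for illustration.

```python
import os
import stat
import sys

# Log path named in the article; pass another path to check a different location.
BOOTCLEAN_LOG = r"C:\Windows\Temp\BootClean.log"
# Windows attribute bit set on symlinks, junctions and other reparse points.
FILE_ATTRIBUTE_REPARSE_POINT = 0x400


def audit_log_path(path=BOOTCLEAN_LOG):
    """Return (kind, detail) findings showing a write to `path` would land elsewhere."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return []  # nothing exists at the log path
    attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
    if stat.S_ISLNK(st.st_mode) or attrs & FILE_ATTRIBUTE_REPARSE_POINT:
        # Report where a privileged write through this path would end up.
        return [("link", os.path.realpath(path))]
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        # More than one name for the same file: a write here also changes
        # the file under its other name(s).
        return [("hardlink", st.st_nlink)]
    return []


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else BOOTCLEAN_LOG
    findings = audit_log_path(target)
    for kind, detail in findings:
        print(f"{target}: {kind} -> {detail}")
    sys.exit(1 if findings else 0)
```

The script exits with status 1 when the path is a link or has extra hard links, so it can be run as a scheduled compliance check on machines that have not yet received the update.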

The vulnerability can be easily exploited by hackers and can be used to target a huge section of users. It affected 1 billion users because it was present in Windows Defender, which is pre-loaded on all Windows devices.

Even though this vulnerability has been fixed in the latest update, it can still be exploited on new machines if they are not updated to the latest version. It is advised to update your devices without further delay.

NPAV recommends that users regularly update their operating systems and the software they use so that security patches are applied. Install NPAV on your devices and keep them protected from all kinds of cyberattacks.

Use NPAV and join us on a mission to secure the cyber world.
