April 18, 2026

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant damage without users noticing.

The so-called “RedSun” vulnerability was discovered by security researcher Chaotic Eclipse, the same one who previously published a Windows exploit after Microsoft ignored his report.

He’s doing so again. In a new GitHub repository for RedSun, he explains the vulnerability and how to exploit it:

Now, normally I would just drop the PoC code and let people figure it out. But I can’t for this one, it’s way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges.

I think antimalware products are supposed to remove malicious files not be sure they are there but that’s just me.

Despite the danger in releasing an exploit for a vulnerability in Windows Defender that could affect millions of users, Chaotic Eclipse is doing so out of frustration, which he explains in a recent blog post: “Normally, I would go through the process of begging [Microsoft] to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did.” He goes on: “They mopped the floor with me and pulled every childish game they could. It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.”

Chaotic Eclipse is referring to the Microsoft Security Response Center, which is responsible for collecting and processing newly discovered security vulnerabilities and forwarding requests so that developers can release a corresponding patch.

No solution in sight yet

The issue with Microsoft Defender was discovered following the latest Patch Tuesday in April and affects systems running Windows 10, Windows 11, and Windows Server, where Microsoft Defender is active.

As with BlueHammer, this exploit is legitimate, but there’s no evidence that it’s already being exploited in the wild. However, this could change on a dime if hackers follow the instructions provided. Microsoft has not yet announced a patch that will resolve the issue.

Until the issue is resolved, you should consider using additional antivirus software on your PC alongside Microsoft Defender.

This article is written by: Nermeen Nabil Khear Abdelmalak