Despite the enormous number of options available when choosing an antivirus to protect the data stored on our computer, many users opt for the Microsoft option: Windows Defender.
Since Windows 10 was released a few years ago, this has become the preferred security solution for millions of users around the world. Many of you already know first-hand that it is a free antivirus that is included with the operating system and comes configured from the start. It is true that it has its ups and downs when it comes to responding to all kinds of threats. Microsoft tries to solve the problems that arise through updates that are released periodically.
Along these same lines, we want to talk about a recently discovered vulnerability that directly affects the internal functioning of the Microsoft antivirus and could endanger the operating system itself. To understand where the risk of this vulnerability lies, we must first know how an antivirus works internally.
As with many other security solutions, Windows Defender uses an internal system based on automatically generated blacklists to detect and stop threats. Before allowing a file to run and damage our equipment, it compares the file with its database.
How to fix Windows Defender vulnerability
Windows Defender's database contains all threats known at the time. If the antivirus finds a match, it stops the file's execution and warns us about the danger of that file. That is roughly one of the modes of operation of the antivirus that we find in our operating system by default. With that in mind, some security experts have discovered a new exploit that allows the aforementioned threats to be removed from the security program’s database.
In other words, an attacker may be able to remove a threat from the Windows Defender database. The attacker does this by hijacking the update process of the antivirus itself in order to send a fake update. This means that these attackers could bypass the antivirus and deliver their attacks to our computer without any problem. Windows Defender would not be able to detect that specific malicious code, as its entry had previously been deleted.
This vulnerability is found in versions of Windows Defender prior to 4.18.2303.8. It is therefore advisable to update the antivirus to its latest version through the Windows Settings application. All we have to do is go to the Windows Update tool and search for the latest updates so that the latest version of the antivirus reaches our computer.
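
To confirm that a machine is past the affected range, the installed version can be compared with 4.18.2303.8 from PowerShell. This is an added example, not code from the article or from Microsoft; it assumes that the version quoted above is the antimalware platform version that `Get-MpComputerStatus` reports as `AMProductVersion`, and the function name `Test-DefenderPlatformVersion` is hypothetical.

```powershell
# Added example. Assumption: the version quoted in the article is the
# antimalware platform version reported as AMProductVersion.
$FixedVersion = [version]'4.18.2303.8'   # first non-affected version per the article

function Test-DefenderPlatformVersion {
    param(
        [Parameter(Mandatory)][string]$ProductVersion,
        [version]$Minimum = $FixedVersion
    )
    # Parse as [version] so each field is compared numerically.
    # A plain string comparison would rank '4.18.23050.5' and '4.18.2303.8'
    # character by character and can give the wrong answer.
    $parsed = $null
    if (-not [version]::TryParse($ProductVersion, [ref]$parsed)) {
        throw "Cannot parse Defender version '$ProductVersion'"
    }
    [pscustomobject]@{
        Installed = $parsed
        Minimum   = $Minimum
        UpToDate  = ($parsed -ge $Minimum)
    }
}

try {
    # Fails if the Defender service is not running, for example when a
    # third-party antivirus has replaced it.
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    return
}

$result = Test-DefenderPlatformVersion -ProductVersion $status.AMProductVersion
if ($result.UpToDate) {
    Write-Output "Platform $($result.Installed) is at or above $($result.Minimum)."
} else {
    Write-Warning "Platform $($result.Installed) is older than $($result.Minimum). Install pending updates from Windows Update."
}
```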