Microsoft Defender, the Windows protection software, has recently been updated to fix a severe security weakness. The issue, which was traced back to 2014 and affects Windows 10, concerns the locations that users exclude from antivirus scanning and could in turn allow malware to be installed.
The weakness, present since 2014, stems from a misconfigured registry key that exposes the antivirus's protection settings to users. The key `HKLM\Software\Microsoft\Windows Defender\Exclusions` contains all the locations that are not scanned by the antivirus software. The issue is that the key is quite easy to read, because the 'Everyone' group has access to it. To change the contents, users are required to use a command prompt or a click in the Settings menu.
On Twitter, security researcher Antonio Cocomazzi says that Microsoft has patched the problem on Windows 10 20H2 PCs after deploying the February 2022 Patch Tuesday Windows updates. Another researcher, Will Dormann of CERT/CC, validated this information, stating that they received the permissions change without installing any updates, implying the change might have been applied by both Windows updates and Microsoft Defender's security updates.
After determining which directories were on the antivirus exclusion list, attackers might deliver and run malware from an excluded folder on a compromised Windows PC without danger of detection and neutralization. The permissions in the Windows advanced security settings for Defender exclusions have been modified, with the 'Everyone' group removed from the registry key's permissions.
- The Exclusions registry key now has new permissions.
- Access to Defender exclusions is now blocked.
- On Windows 10 systems where this change has already been applied, admin credentials are now required to access the list of exclusions through the command prompt or when creating exclusions in the Windows Security settings screen.
Microsoft has yet to comment on this problem, which was found recently and has existed since the introduction of Windows 10. However, it is clear that the Redmond-based publisher has taken the appropriate steps. Furthermore, administrator rights are now required to view the list of locations excluded by the antivirus.
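
To confirm that a given machine has received the permission change described above, the access control list on the Exclusions key can be inspected directly. The following PowerShell script is an added example, not code from Microsoft or from the researchers quoted here. The function name `Get-BroadReadAccess` is hypothetical, and checking Authenticated Users and BUILTIN\Users in addition to the 'Everyone' group named in the article is an assumption made for this example.

```powershell
# Added example, not Microsoft's code: report broad groups that can still read
# the Defender exclusions key named in the article. Function name is hypothetical.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'

# 'Everyone' is the group the article names; the other two are assumptions
# added here because they also cover ordinary local users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# QueryValues (0x1), EnumerateSubKeys (0x8), GENERIC_ALL and GENERIC_READ:
# any of these bits lets a principal list the excluded locations.
$readMask = 0x1 -bor 0x8 -bor 0x10000000 -bor 0x80000000

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # A non-admin caller is expected to land here once the key is locked down.
        return [pscustomobject]@{ Key = $Path; Principal = $null; Rights = $null
                                  Status = "ACL not readable: $($_.Exception.Message)" }
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        $grantsRead = ([int]$rule.RegistryRights -band $readMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and $grantsRead) {
            [pscustomobject]@{ Key = $Path; Principal = $broadSids[$sid]
                               Rights = $rule.RegistryRights; Status = 'Broad read access' }
        }
    }
}

# Check the key itself and every subkey that exists under it.
$targets = @($keyPath) + @(Get-ChildItem -Path $keyPath -ErrorAction SilentlyContinue |
                           ForEach-Object { $_.PSPath })
$findings = @($targets | ForEach-Object { Get-BroadReadAccess -Path $_ })

if ($findings.Count -eq 0) {
    Write-Output 'No Allow entry gives Everyone, Authenticated Users or Users read access.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run from an elevated prompt, a "Broad read access" row means the key still carries the old permissions; run as a standard user, an "ACL not readable" row is the expected result once the change is in place.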