Microsoft fixes a vulnerability detected in Windows Defender that has been present for 12 years
A security flaw that had gone unnoticed for 12 years was recently discovered in Windows Defender, the antivirus pre-installed by default in the Windows operating system. Last week the company announced a security patch to correct the bug.
According to SentinelOne, the security company that discovered the flaw, the vulnerability allowed potential attackers to obtain Windows system security privileges, which are reserved exclusively for administrators. The vulnerability was found in Microsoft Defender, the antivirus pre-installed on Windows computers, which means that the flaw was present in more than one billion devices worldwide.
As far as we have been able to learn, since 2009 this software has included a driver known as BTR.sys, responsible for deleting file system and other resources created by malicious software on infected computers. In one of its routines, the driver did not check whether the file it deleted and re-created had been replaced with a link, allowing an attacker to overwrite files on the device, an action exclusively reserved for the system administrator.
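The missing link check described above can be illustrated with a POSIX analogue. This is an added example, not code from Microsoft's driver or from SentinelOne's report; the function names, the temporary directory and the 9-byte "protected" file are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unchecked: truncates whatever the path resolves to, including a link target. */
int recreate_log_unchecked(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    return close(fd);
}

/* Checked: refuse symlinks and multiply-linked files before deleting,
 * then create exclusively so a link planted in the gap makes open() fail. */
int recreate_log_checked(const char *path) {
    struct stat st;
    if (lstat(path, &st) == 0) {
        if (!S_ISREG(st.st_mode) || st.st_nlink != 1) return -1;
        if (unlink(path) != 0) return -1;
    }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    return close(fd);
}

/* Constructed scenario: "log" is a symlink (hard=0) or hard link (hard=1)
 * to a 9-byte "protected" file. Returns that file's size afterwards. */
long size_after(int (*recreate)(const char *), int hard) {
    char dir[] = "/tmp/linkdemoXXXXXX", prot[64], logp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(prot, sizeof prot, "%s/protected", dir);
    snprintf(logp, sizeof logp, "%s/log", dir);
    FILE *f = fopen(prot, "w");
    if (!f) return -2;
    fputs("important", f); fclose(f);
    if ((hard ? link(prot, logp) : symlink(prot, logp)) != 0) return -2;
    recreate(logp);
    long n = stat(prot, &st) == 0 ? (long)st.st_size : -2;
    unlink(logp); unlink(prot); rmdir(dir);
    return n;
}

int main(void) {
    printf("unchecked leaves %ld bytes, checked leaves %ld bytes\n",
           size_after(recreate_log_unchecked, 0), size_after(recreate_log_checked, 0));
    return 0;
}
```

With the unchecked routine the protected file ends up empty; with the checked routine it keeps its 9 bytes for both link types.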
At the moment there is no evidence that the vulnerability has been exploited by cyber attackers, and it may have gone undetected for the 12 years that it has been present in the system.
Just last Tuesday, the Redmond company released an update that put an end to the problem, which is tracked as CVE-2021-24092. The patch was automatically distributed to all Windows 10 users. However, devices with earlier versions such as Windows 7 remain vulnerable to potential attacks following the end of the company’s security support.