Windows Defender update used by hackers


A recent update to Windows 10's Microsoft Windows Defender antivirus solution Microsoft Defender version 4.18.2007.9 can be used to download malware and other files to a Windows computer.

Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries or LOLBINs.

In a recent Microsoft Windows Defender update version 4.18.2007.9, the command-line MpCmdRun.exe tool has been updated to download malicious files from a remote location.

With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers.

a recent update to Microsoft Windows Defender's version 4.18.2007.9 command-line tool now includes a new -DownloadFile command-line argument.

How they use Windows Defender last update

This directive allows a local user to use the Microsoft Anti malware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using the following command: MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

you can find it in this path:
C:\ProgramData\Microsoft\Windows Defender\Platform\[your version]


the new version

The good news is that Microsoft Windows Defender will detect malicious files downloaded with MpCmdRun.exe, but it is unknown if other AV software will allow this program to bypass their detection.

With this discovery, administrators now have an additional Windows executable that they need to monitor so that it is not used against them.

if you are using the old version of Microsoft Windows Defender update version 4.18.2004.6-0 you will not see DownloadFile argument for the same tool.

the old version

" So, What can we describe this ? a mistake from Microsoft or for helpful reasons "

Comments

Post a Comment

Popular posts from this blog

TIKTOK Free Crypto Promo Code Scam Explained

Image
This article about how this scam Free Crypto giveaway that run on TikTok, including the deceptive tactics used to ensnare victims. We will outline the scam process step-by-step so you can identify these frauds before falling for them. Our guide will also provide tips on what to do if you lose money to one of these crypto cons. Keep reading to learn how to steer clear of TikTok cryptocurrency scams. Scammers are use videos and fake profiles on TikTok that show Crypto Promo Code, pretending to be associated with Famous People. They lure people in with the promise of free Crypto . You will find our video in Mango School channel ,,, sorry about that google don't accept links After entering the given promo code, you will receive Crypto in your account. But wait, this is just a trick to make you believe the giveaway is real.  When you try to withdraw the Crypto , they ask for an activation fee as a deposit . People who pay this fee will lose their money and never get ...
Read-more »

LIST OF STOP DJVU Extensions

Image
Extension appended to the end of the encrypted data filename Older STOP (Djvu) Ransomware encryptions: .STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT, .puma, .pumax, .pumas, .shadow, .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promock, .promoks, .promorad,, promorad2, .kroput, .kroput1, .charck, .pulsar1, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .verasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .forasom, .berost, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidon, .heroset, .myskle, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .tru...
Read-more »