Unpatched Microsoft Defender flaw lets hackers gain admin access | PCWorld
A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant damage without users noticing.

The so-called RedSun vulnerability was discovered by security researcher Chaotic Eclipse, the same one who previously published a Windows exploit after Microsoft ignored his report.

He's doing so again. In a new GitHub repository for RedSun, he explains the vulnerability and how to exploit it:

"Now normally, I would just drop the PoC code and let people figure it out. But I can't for this one, it's way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges."

"I think antimalware products are supposed to remove malicious files, not be sure they are there, but that's just me."

Despite the danger in releasing an exploit for a vulnerability in Windows Defender that could affect millions of users, Chaotic Eclipse is doing so out of frustration, which he explains in a recent blog post: "Normally, I would go through the process of begging Microsoft to fix a bug, but to summarize, I was told personally by them that they will ruin my life, and they did." He goes on: "They mopped the floor with me and pulled every childish game they could. It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer, but it seems to be a collective decision."

Chaotic Eclipse is referring to the Microsoft Security Response Center, which is responsible for collecting and processing newly discovered security vulnerabilities and forwarding requests so that developers can release a corresponding patch.

The issue with Microsoft Defender was discovered following the latest Patch Tuesday in April and affects systems running Windows 10, Windows 11, and Windows Server where Microsoft Defender is active.

As with BlueHammer, this exploit is legitimate, but there's no evidence that it's already being exploited in the wild. However, this could change on a dime if hackers follow the instructions provided. Microsoft has not yet announced a patch that will resolve the issue.

Until the issue is resolved, you should consider using additional antivirus software on your PC alongside Microsoft Defender. Check out PCWorld's picks for the best Windows antivirus software.

This article originally appeared on our sister publication PC-WELT and was translated and localized from German.

Laura is an enthusiastic gamer as well as a movie and TV fan. After studying communication science, she went straight into a job at PCMagazin and Connect Living. Since then, she has been writing about everything to do with PCs and technology topics, and has been a permanent editor at our German sister site PC-WELT since May 2024.