Microsoft has announced the correction of the privileges in Microsoft Defender. The error allowed cybercriminals to receive administrator rights in unprotected Windows systems.
According to the statistics of the Corporation, Microsoft Defender is the default decision to protect against malicious software, installed by more than 1 billion systems running Windows 10.
The revealed privilege increase vulnerability, which is tracked as CVE-2021-24092, is relevant for all versions of Microsoft Defender since 2009, and also affects all server and client issues, starting with Windows 7 and higher.
Cybercriminals with initial user rights can use the CVE-2021-24092 vulnerability when performing low complexity attacks, which involves the absence of any user interaction. Microsoft note that vulnerability affects other corporation security products, including: Endpoint Protection, Security Essentials and System Center Endpoint Protection.
The Vulnerability of CVE-2021-24092 was discovered by Sentinelone back in November 2020. On February 9, 2021, Microsoft announced the release of a patch to eliminate this error, as well as many other vulnerabilities.
The CVE-2021-24092 vulnerability was found in the BTR.SYS driver (better known as the download time deletion tool), which is used in the correction procedure to delete files and registry entries created by malicious software in infected systems.
"Until the CVE-2021-24092 vulnerability, it remained unnoticed for 12 years. This happened due to the specificity of the characteristics of the activation of this particular mechanism. We assume that this error was difficult to find, because the BTR.SYS driver is usually not present on the user's hard drive, and is activated only if necessary (with a random name) and removes, "says Sentinelone.
More interesting material on cisoclub.ru. Subscribe to us: Facebook | Vk | Twitter | Instagram | Telegram | Zen | Messenger | Icq new | YouTube | Pulse.