Windows 10's antivirus can download malware — Microsoft responds


UPDATE: As of Sept. 18, Microsoft has removed this feature, according to Bleeping Computer.

Well, here's a fine mess: The latest version of Windows Defender Antivirus for Windows 10 can be used to download malware.

That's according to Bleeping Computer, which noticed a Twitter thread from security researcher Mohammad Askar in which Askar detailed how the Windows Defender command-line tool MpCmdRun.exe can be used to download any file from the internet.


Then, of course, Askar used it to download a (safe) piece of threat-emulation software called Cobalt Strike, which is used to detect security holes in large local computer networks. Bleeping Computer went a step further and used the Windows Defender tool to download a sample of actual ransomware.

We ourselves, after a bit of command-line fiddling, used the tool to download an image from the Tom's Guide website. That was done using administrative privileges, which you'd figure would be required to go into Windows Defender and use a command-line tool to download any file.

Just to see how far we could go with this, we switched back to our regular limited-user mode. Then we used the same tool to download the EICAR test file -- a well-known piece of simulated malware -- to our own limited-user download folder. No administrative privileges were required.

A screen grab of a Windows Defender command-line tool downloading simulated malware.


Microsoft responds

Microsoft responded to our request for comment with this statement, in full:

"Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature."

A Microsoft spokesperson clarified that the statement also applies to Windows Defender Antivirus, the antivirus software that comes bundled into Windows 10 Home.

Oh the irony

This means that any piece of decently functioning malware that infects even a limited-user account will be able to use Windows Defender itself to download any file from the internet.

There were a couple of saving graces. We were not able to download the EICAR test file to another user's download folder or to directories to which we weren't entitled to write or hadn't created ourselves -- even when logged in as an administrator.

That conforms to the Windows user parameters and indicates that this Windows Defender download tool can't be used to escalate privileges. In other words, malware can't use it to easily seize system control.

Likewise, our Bitdefender antivirus software spotted and quarantined the EICAR test file right away every time. We don't use Windows Defender ourselves as our default antivirus software, but Windows Defender would almost certainly have spotted and defanged the EICAR test file as well.

Antivirus software detecting and quarantining the EICAR test file.


So in those respects, the Windows Defender download tool can't be used to do anything worse than any malware that successfully infected your system could normally be permitted to do, such as downloading a file through a web browser.

But there's always stuff that AV software won't detect. And of course Windows Defender is still present on every Windows 10 PC, whether or not you use third-party antivirus software. That's normally a good thing.

We've reached out to Microsoft for comment and will update this story when we receive a reply.

You can try this at home (but most people shouldn't)

If you're wondering how to do this, here's the filepath and commands. But make sure you know what you're doing:

"C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe" -DownloadFile -URL <url> -path <local-path>

"<url>" is the URL you're downloading from, and it has to include the filename you want, such as "https://www.example.com/example/foobar.txt".

"<local-path>" is where you want the file to go, and you have to include the filename there as well: "C:\Users\You\Downloads\foobar.txt".

We found it easiest to just change directories to C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\ and then go on from there. Your mileage may vary.
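For defenders, the command line above is easy to spot in process-creation logs on hosts that still have the feature. The following is an added example, not part of the original article: it scans command lines for MpCmdRun.exe run with -DownloadFile and extracts the URL and destination path. The event tuples are constructed sample data, and matching the option names case-insensitively is an assumption.

```python
import re

# Option names are taken from the command shown in the article. Matching them
# case-insensitively is an assumption made here, to avoid trivial misses.
FLAG = re.compile(r'(?<!\S)-DownloadFile(?!\S)', re.IGNORECASE)
ARG = r'(?<!\S)-{name}\s+(?:"([^"]*)"|(\S+))'  # value may be quoted or bare
URL = re.compile(ARG.format(name="url"), re.IGNORECASE)
PATH = re.compile(ARG.format(name="path"), re.IGNORECASE)

# Constructed sample events (host, user, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("PC-01", "alice", r'"C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe" -DownloadFile -URL https://www.example.com/example/foobar.txt -path C:\Users\alice\Downloads\foobar.txt'),
    ("PC-01", "SYSTEM", r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate'),
    ("PC-02", "bob", r'mpcmdrun.exe -downloadfile -url "https://www.example.com/a b.txt" -path "C:\Users\bob\My Files\a b.txt"'),
    ("PC-03", "carol", r'MpCmdRun.exe -DownloadFile -url https://www.example.com/y.bin'),
]


def _value(pattern, cmdline):
    """Return the argument that follows an option, without quotes, or None."""
    m = pattern.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def inspect_cmdline(cmdline):
    """Return url/path if this is an MpCmdRun -DownloadFile call, else None."""
    if "mpcmdrun.exe" not in cmdline.lower() or not FLAG.search(cmdline):
        return None
    return {"url": _value(URL, cmdline), "path": _value(PATH, cmdline)}


def scan(events):
    """Return one finding per event whose command line uses -DownloadFile."""
    findings = []
    for host, user, cmdline in events:
        hit = inspect_cmdline(cmdline)
        if hit is not None:
            findings.append({"host": host, "user": user, **hit})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Routine Defender activity such as the signature-update line is ignored, so any hit is worth reviewing together with the user and destination path it reports.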


Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/windows-10s-antivirus-can-download-malware-microsoft-responds
