Windows Defender vulnerability finally patched after 12 years

Windows defender logo
(Image credit: Microsoft)

After twelve years of going unnoticed, a potential security threat hidden within a Windows defender driver has been exposed and fixed. The weakness in the Microsoft Defender software (as its now known) was actually flagged last November by researchers at security firm SentinelOne, but it's taken Microsoft until this week to finally patch it. 

According to Wired, the role of the driver in question is essentially to remove malicious files, while replacing them with a placeholder file—albeit an unvalidated file—which could potentially have become a target for hackers. According to SentinelOne's senior security researcher, Kasif Dekel, the software bug "allows privilege escalation,” providing administrative privileges to attackers that might attach malware to the temporary driver.

This could easily have resulted in hackers gaining control of your machine, and has put hundreds of thousands of users at risk due to the software coming pre-installed on Windows devices.

But the question remains, how has it gone unnoticed for so long?

Your next machine

(Image credit: Future)

Best gaming PC: the top pre-built machines from the pros
Best gaming laptop: perfect notebooks for mobile gaming

It seems the driver may have slipped under the radar due to it not being stored locally on your machine, instead Windows employs what they call a “dynamic-link library” meaning the driver is only present temporarily, as and when it's needed. 

Thankfully it was only a vulnerability should attackers already have access to your device, whether that be remote or physical, so the threat would have to have come as an aside to other, more prevalent cyber-attack strategies. 

Try not to panic, but this kind of thing happens all the time. It's impossible to catch every bug before software rolls out. Let's just be grateful none of those pesky hackers noticed this one.

TOPICS
Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.