Windows Defender Bug Surprisingly Allows Directly Downloaded Malware Into Windows
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a Windows PC.
Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) allows for utilization of security features through command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows Defender, security researcher Askar Mohammad discovered that files can be downloaded with the -DownloadFile argument and a URL to accompany it.
You can use C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -url <url> -path <local-path> to download your file using Windows defender itself.
— Askar (@mohammadaskar2) September 2, 2020
Ultimately, it is rather interesting that something like this was discovered. One would think that a defender would not normally allow an attacker through the front gate. In any case, this is a healthy reminder to make sure your network ports are secure and unwanted downloads are blocked while upholding any "great responsibility."
