×

Registration

Profile Informations

Login Datas

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Windows Defender Can Now Surprisingly Directly Download Malware And Other Files To Windows

windows defender
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a Windows PC.

Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) allows for utilization of security features through command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows Defender, security researcher Askar Mohammad discovered that files can be downloaded with the -DownloadFile argument and a URL to accompany it.

This -DownloadFile functionality allows a local user to download a file. In theory, however, Windows Defender and hopefully other anti-virus software packages should detect malware and remove it. No matter what, this is just another vulnerability that could be exploited that people need to watch out for.

Ultimately, it is rather interesting that something like this was discovered. One would think that a defender would not normally allow an attacker through the front gate. In any case, this is a healthy reminder to make sure your network ports are secure and unwanted downloads are blocked while upholding any "great responsibility."

Go to Source