12-year-old Windows Defender bug gives hackers admin rights

[tarekma7]

Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems.

Microsoft Defender Antivirus is the default anti-malware solution on over 1 billion systems running Windows 10 according to Microsoft's stats.

CVE-2021-24092 impacts Defender versions going back as far as 2009, and it affects client and server releases starting with Windows 7 and up.

Threat actors with basic user privileges can exploit it locally, as part of low complexity attacks that don't require user interaction.

More info HERE