Hearing the terms Microsoft and security weakness in the same sentence is enough to send anyone into a slight panic. Across the world, Microsoft software is the backbone of corporate communications and collaborations.
Like all companies, though, Microsoft is vulnerable to data breaches and the company’s people – like all humans – can make mistakes, which appears to be what’s happened as of late.
In January of this year, security researchers announced the discovery of a decade-old security weakness in Microsoft Defender. The weakness lets an attacker who already has a foothold on a device place malware in locations that Defender has been told not to scan, so the malware runs without being detected by the program.
What is Microsoft Defender?
Microsoft Defender is the antivirus and anti-malware solution built into Windows 10. It is the default protection on Windows 10 devices and runs on over 1 billion devices globally.
Broadly speaking, antivirus is a type of software that detects and blocks malware on devices, including ransomware, spyware, worms, and Trojan horses.
These solutions work in the background on company devices, scanning files automatically as they are written or opened. If malware is detected, it is quarantined or removed from the device before it can do damage.
What is the security weakness in Microsoft Defender?
The Microsoft Defender flaw was discovered by security researchers at SentinelOne. Some legitimate applications trigger false-positive alerts when Microsoft Defender scans them, or slow down noticeably under real-time scanning.
To prevent users from being inundated with false positives, administrators can configure exclusions: specific files, folders, file extensions, and processes that Defender skips when scanning.
If a malicious actor learns which locations are excluded, they can drop malware into one of those folders (or give it an excluded extension) and run it without the antivirus detecting anything.
Moreover, on affected Windows 10 systems it’s easy for a malicious actor to discover these locations. The exclusion list is stored in the Windows registry with permissions that let any local user read it, so an attacker only needs to run a “reg query” command against the Defender exclusions key on the device. Armed with this knowledge, they can place the malware where it will not be scanned.
It’s worth noting that, for a hacker to exploit this weakness, they need local access to the device they want to infect, for example through a phishing payload already running as an ordinary user. While this makes the weakness slightly less threatening, we must remember that hackers compromise endpoints and networks every day, so exploitation of this flaw is not far-fetched at all.
In fact, to test the weakness, the security researchers who discovered the flaw ran their own experiment and found they could successfully deploy ransomware on a device without Microsoft Defender picking it up!
Scarier still is the fact that this vulnerability is almost a decade old. Who is to say that these researchers are the first to discover this flaw and hackers haven’t secretly been exploiting it for years?
What does Microsoft say about this flaw?
At the time of writing, Microsoft is yet to release any updates or patches for the weakness in Microsoft Defender. However, that doesn’t mean your company can rest easy. Now that this weakness is out in the open, hackers may attempt to exploit it – and fast.
How can I protect my business?
If you use Windows 11, then this weakness doesn’t apply to your devices. However, if you use Windows 10, then you need to take action.
The first thing to do is review your Microsoft Defender exclusions. Treat every exclusion as public knowledge: remove any that are no longer needed, avoid excluding whole drives or user-writable folders such as Downloads, Temp, or user profiles, and manage the ones you keep centrally through group policy so they can be audited rather than set device by device.
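The following PowerShell script is an added example, not code from the original article or from SentinelOne. It does two things: it enumerates Defender exclusions from the registry the same way an unprivileged local user could on affected Windows 10 builds (the “reg query” technique described above), and it then flags exclusions that hand an attacker a convenient, unscanned drop location. The registry key paths are Defender’s standard locations for locally set and Group Policy-pushed exclusions; the list of “risky” patterns is an assumption chosen for illustration, not an official Microsoft list.

```powershell
# Added example (not from the original article): enumerate Microsoft Defender
# exclusions as an unprivileged local user could, then audit them.
# Equivalent one-liner an attacker would run from a plain command prompt:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s

$exclusionRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions',          # set locally or via Get-MpPreference/Add-MpPreference
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'  # pushed by Group Policy
)

function Get-DefenderExclusionFromRegistry {
    # Each exclusion is stored as a value NAME under Paths\, Extensions\ or
    # Processes\ (the value data is just a DWORD 0), so read the names, not the data.
    foreach ($root in $exclusionRoots) {
        foreach ($kind in 'Paths', 'Extensions', 'Processes') {
            $key = Join-Path $root $kind
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $item = Get-Item -LiteralPath $key
            foreach ($name in $item.GetValueNames()) {
                if ([string]::IsNullOrEmpty($name)) { continue }   # skip the (Default) value
                [pscustomobject]@{ Kind = $kind; Value = $name; Source = $root }
            }
        }
    }
}

# Assumed heuristics: exclusions a practitioner would treat as a red flag because
# a standard user can write to them or they switch off scanning for executables.
$riskyPatterns = @(
    '^[A-Za-z]:\\?$',                        # an entire drive is excluded
    '\\Users\\',                             # anything under user profiles is user-writable
    '\\Temp\\', '\\Tmp\\',                   # temp directories
    '\\ProgramData\\',                       # often writable by standard users
    '\\Downloads\\', '\\AppData\\',
    '^\\\\',                                 # UNC share
    '^\.?(exe|dll|ps1|bat|cmd|vbs|js|scr)$'  # executable extension excluded outright
)

function Test-RiskyExclusion {
    param([Parameter(Mandatory)][string]$Value)
    foreach ($pattern in $riskyPatterns) {
        if ($Value -match $pattern) { return $true }
    }
    return $false
}

function Invoke-DefenderExclusionAudit {
    $found = @(Get-DefenderExclusionFromRegistry)
    if ($found.Count -eq 0) {
        # Either no exclusions exist, or this account cannot read the keys
        # (which is the state you want for non-admin users).
        Write-Host 'No exclusions readable from the registry by this account.'
        return
    }
    foreach ($e in $found) {
        $flag = if (Test-RiskyExclusion -Value $e.Value) { 'RISKY' } else { 'ok' }
        '{0,-5} {1,-10} {2}  (from {3})' -f $flag, $e.Kind, $e.Value, $e.Source
    }
}

Invoke-DefenderExclusionAudit
```

Run it first as a standard (non-administrator) user: every line it prints is something an attacker with the same access could also read. Then compare the output with what an administrator sees from `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess`, and remove or tighten every entry flagged RISKY.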
If you don’t have a dedicated IT person, then we advise working with an IT services provider, who can check the security of your corporate devices and ensure that Microsoft Defender is running securely.
Go beyond antivirus
This event also serves as a reminder that no security solution is entirely bulletproof. To best protect your organization, you need to take a holistic approach to security. Antivirus, on its own, is not enough to protect against today’s complex and ever-evolving threats.
Again, working with an IT services provider can help you to build a more comprehensive security posture. You’ll gain access to third-party expertise and knowledge at a fraction of the cost of hiring a full-time employee.
With the average data breach costing SMBs $108,000, being proactive about cybersecurity is essential. As the saying goes, “An ounce of prevention is worth a pound of cure”.
While you’re busy running your business, it can be hard to keep pace with the latest cyber security threats and risks – like the Microsoft Defender weakness.
By working with an outsourced provider, you can improve your security posture and ensure you focus your time on what you do best: running and growing your business.
Protect your company from today’s cyber risks
Managed IT services provide proactive support that lowers your costs and cyber security risks. B-Comp Services can work with your Denver area business to customize a plan that fits your needs and budget, keeping you safe from today’s threat actors.
Contact us today to discuss your support possibilities. Call at 303-282-4934 or contact us online.