Well, what do you know! A researcher has found a hole in Microsoft Defender that lets the security solution double as a virus download tool. In other words, malware can be sneaked onto a machine via the program itself.
The culprit in question is the Microsoft AntiMalware Service Command Line Utility.
Also known as MpCmdRun.exe.
As the researcher discovered, Redmond recently updated the command line utility. And in doing so, it mistakenly left the door open to a simple exploit that makes it possible to download files from a remote location. Any remotely stored file, that is to say.
You can grab a legitimate file or, as the researcher found out, even a malicious payload. And by the same flip of the coin, so can a cybercriminal who has control of your system.
Sure, Microsoft Defender still scans the download, and clears out any infected package. But there are ways around this that malicious actors can pursue in order to deploy malware on computers. This utility simply gives them another attack vector.
The easiest way to prevent any exploit is to just block MpCmdRun.exe from connecting to remote locations. If you are an IT administrator, you can set up a firewall rule to limit its Internet access.
That is, until Microsoft gets around to fixing this little security loophole.
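
One way to set up the firewall rule described above, as an added example that is not from the original article or from Microsoft: a PowerShell script, run elevated, that blocks outbound traffic for every copy of MpCmdRun.exe it finds. The rule group name and the two search paths (the in-box copy and the versioned platform copies) are assumptions; a Defender platform update installs a new versioned copy, so the script needs to be rerun afterwards.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound block rules for every MpCmdRun.exe on this host.
# Assumptions: the group name is arbitrary, and the search paths are the
# default Defender locations (in-box copy plus versioned platform copies).

$group = 'Block MpCmdRun outbound'   # hypothetical rule group name
$patterns = @(
    (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'),
    (Join-Path $env:ProgramData  'Microsoft\Windows Defender\Platform\*\MpCmdRun.exe')
)

# Resolve the wildcard to the binaries actually present on disk.
$binaries = Get-Item -Path $patterns -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName -Unique

if (-not $binaries) {
    Write-Warning 'No MpCmdRun.exe found in the expected locations; no rules created.'
    return
}

# Remove this group's earlier rules so reruns leave no duplicates and no
# rules pointing at platform versions that have since been removed.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

foreach ($exe in $binaries) {
    New-NetFirewallRule -DisplayName 'Block MpCmdRun.exe outbound' `
        -Description "Outbound block for $exe" `
        -Group $group -Direction Outbound -Program $exe `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Output "Blocked outbound traffic for $exe"
}

# List the program paths now covered, for verification.
Get-NetFirewallRule -Group $group |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program
```

Because each rule is bound to a full program path, a copy of the binary placed anywhere else is not covered by these rules.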