Defender bypass allows threats to be removed from protection database

A lot of people rely on Windows Defender to protect their systems, it's free and installed by default so why not? Defender uses a blacklisting approach to stop threats. Before allowing a file to execute, it will compare it against its database of known threats and stop it from executing if it's on there. However, researchers at SafeBreach have uncovered an exploit that can allow threats to be removed from the database. An attacker can delete a threat from the Windows Defender signature database by hijacking the Windows Defender update process to push a fake update. Windows Defender versions prior… [Continue Reading]