Windows 10: Microsoft Defender’s exclusion list is readable by attackers

by Don Sharpe
  • Microsoft added a new feature to Windows Defender’s default settings that allows attackers to read the exclusion list on a target system.
  • Microsoft announced the release of a security update that eliminates a vulnerability exploited by malware that was first reported publicly eight years ago.
  • Windows Defender AV tool provides the capability to view and edit file system, driver, and registry exclusions on the system.


Security researchers have discovered a vulnerability in Microsoft’s antivirus software that could allow attackers to bypass the anti-malware protections on Windows machines.

According to a report from Bleeping Computer, the issue specifically impacts devices running the latest versions of Microsoft’s Windows 10 operating system, 21H1 and 21H2.

Microsoft Defender

Microsoft Defender is a free anti-malware program that scans files and processes for threats and can protect Windows PCs from viruses, malware, ransomware, and other security threats.

The Windows Defender Security Center add-in also lets you prevent specific files, file types, folders, processes, locations, or executable files from being scanned by using the exclusions feature.

This feature can be useful in certain situations in which malicious software is incorrectly classified as a legitimate application.

Exclusion lists vary from one user to another, and a threat actor who can read them learns which locations are not scanned and can store malicious files there.

Antonio Cocomazzi, a Threat Intelligence Researcher at SentinelOne, said Microsoft Defender allows any local user to read the sensitive data stored in exclusion lists via registry queries.

The Windows Defender AV tool allows users to read the file system and registry exclusions on the system.

Microsoft Defender’s security flaw 

Additionally, cyber security architect Nathan McNulty pointed out that attackers might exploit the registry tree to gain access to exclusion lists for multiple systems.

“For those configuring Defender AV on servers, be aware that there are automatic exclusions that get enabled when specific roles or features are installed,” McNulty indicated on Twitter. 

However, you can create a custom installation location for an application that isn’t on the list.

Security updates

Microsoft announced today the release of a security update that eliminates the vulnerability that can be exploited by malware. The vulnerability was first reported by security researchers eight years ago.

Microsoft has not yet addressed this issue, and there is no information about when a solution might be available for users of its Windows operating system.

Administrators are advised to set up Microsoft Defender exclusions using the group policies on both Windows 10 and Windows Server machines.
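
An audit an administrator can run to find the path exclusions that matter most if the list is readable: excluded locations that ordinary users can also write to. This is an added example, not code from the original article or from Microsoft; it relies on the Defender `Get-MpPreference` cmdlet, and the list of low-privilege principals and the `Test-LowPrivWritable` helper name are assumptions.

```powershell
# Added audit example; run in an elevated PowerShell session on the host being checked.
# Assumption: these principals stand in for "any local user" (names differ on
# localized Windows installations, adjust as needed).
$lowPriv = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Bits that allow creating content: CreateFiles (0x2), AppendData (0x4),
# GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$writeMask = 0x50000006

function Test-LowPrivWritable {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($rule in $acl.Access) {
        # Simplification: Deny entries are ignored, so a hit means "review this path".
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

$prefs = Get-MpPreference

$report = foreach ($entry in @($prefs.ExclusionPath)) {
    if (-not $entry) { continue }
    $expanded = [Environment]::ExpandEnvironmentVariables($entry)
    $finding =
        if ($expanded -match '[*?]') { 'wildcard: review manually' }
        elseif (-not (Test-Path -LiteralPath $expanded)) { 'path does not exist' }
        else {
            try {
                if (Test-LowPrivWritable -Path $expanded) { 'WRITABLE by non-admin users' }
                else { 'ok' }
            } catch { "ACL unreadable: $($_.Exception.Message)" }
        }
    [pscustomobject]@{ Exclusion = $entry; Finding = $finding }
}

# Path findings first, then the other exclusion types for manual review.
$report | Sort-Object Finding -Descending | Format-Table -AutoSize
[pscustomobject]@{
    Extensions = @($prefs.ExclusionExtension) -join ', '
    Processes  = @($prefs.ExclusionProcess) -join ', '
} | Format-List
```

Any exclusion reported as writable by non-admin users is a candidate for removal or for tightening the folder's permissions.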

Have you been affected by Microsoft Defender’s security flaw before? Share your thoughts with us in the comment section below.
