Windows Defender Bug Surprisingly Allows Directly Downloaded Malware Into Windows

windows defender
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a Windows PC.

Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) allows for utilization of security features through command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows Defender, security researcher Askar Mohammad discovered that files can be downloaded with the -DownloadFile argument and a URL to accompany it.
This -DownloadFile functionality allows a local user to download a file. In theory, however, Windows Defender and hopefully other antivirus software packages should detect malware and remove it. No matter what, this is just another vulnerability that could be exploited that people need to watch out for.

Ultimately, it is rather interesting that something like this was discovered. One would think that a defender would not normally allow an attacker through the front gate. In any case, this is a healthy reminder to make sure your network ports are secure and unwanted downloads are blocked while upholding any "great responsibility."