{"id":137276,"date":"2024-12-15T10:14:56","date_gmt":"2024-12-15T03:14:56","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=137276"},"modified":"2024-12-15T10:14:56","modified_gmt":"2024-12-15T03:14:56","slug":"microsoft-confirms-critical-windows-defender-security-vulnerability","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=137276","title":{"rendered":"Microsoft Confirms Critical Windows Defender Security Vulnerability"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion><\/p>\n<p class=\"color-body light-text\" role=\"button\">Microsoft confirms critical Windows Defender vulnerability<\/p>\n<p><\/fbs-accordion><small>getty<\/small><\/figcaption><\/figure>\n<p>Microsoft has confirmed that a critical-rated security vulnerability that impacted Windows Defender and could allow the improper authorization of an index containing sensitive information from a global files search would allow an attacker to disclose that data over a network. Yet, Microsoft said, Windows users needed to take no action\u2014so, what\u2019s going on?<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-2\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/14\/400-million-microsoft-users-put-at-risk-from-no-interaction-2fa-bypass\/\" target=\"_blank\" aria-label=\"Microsoft Warning As No-User-Interaction 2FA Bypass Attack Confirmed\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/14\/400-million-microsoft-users-put-at-risk-from-no-interaction-2fa-bypass\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Microsoft Warning As No-User-Interaction 2FA Bypass Attack Confirmed<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/675c3e870eccda93d7bc57b2\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Microsoft Windows Defender CVE-2024-49071 Vulnerability Confirmed<\/h2>\n<p>A Dec. 12 posting to <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2024-49071\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2024-49071\" data-ga-track=\"ExternalLink:https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2024-49071\" aria-label=\"Microsoft\u2019s security update guide\">Microsoft\u2019s security update guide<\/a> has confirmed that a Windows Defender vulnerability, rated as critical according to Microsoft itself, could have enabled an attacker who successfully exploited the issue to leak file content across a network.<\/p>\n<p>According to the <a href=\"https:\/\/debricked.com\/vulnerability-database\/vulnerability\/CVE-2024-49071\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/debricked.com\/vulnerability-database\/vulnerability\/CVE-2024-49071\" data-ga-track=\"ExternalLink:https:\/\/debricked.com\/vulnerability-database\/vulnerability\/CVE-2024-49071\" aria-label=\"Debricked vulnerability database\">Debricked vulnerability database<\/a>, CVE-2024-49071 the issue arose because Windows Defender created a \u201csearch index of private or sensitive documents,\u201d but it did not \u201cproperly limit index access to actors who are authorized to see the original information.\u201d<\/p>\n<p><fbs-ad position=\"inread\" progressive=\"\" ad-id=\"article-0-inread\" aria-hidden=\"true\" role=\"presentation\"\/><\/p>\n<p>Debricked reported that there have been no known exploitations of the vulnerability, despite the attack complexity being low. An attacker would have required some degree of access to Windows Defender in order to have been able to exploit this vulnerability.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-4\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/12\/new-windows-0day-attack-confirmed-homeland-security-says-update-now\/\" target=\"_blank\" aria-label=\"New Windows 0Day Attack Strikes\u2014Microsoft Warns Millions To Update Now\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/12\/new-windows-0day-attack-confirmed-homeland-security-says-update-now\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">New Windows 0Day Attack Strikes\u2014Microsoft Warns Millions To Update Now<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/63492f420fdc004a1db5c040\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Why Windows Defender Users Are Advised No Action Is Necessary<\/h2>\n<p>You might think it odd that Microsoft\u2019s advice to concerned users is that they need do nothing concerning this critical vulnerability impacting Windows Defender file content integrity. However, there is security method to this apparent madness. Yes, the issue has been fixed by Microsoft, but not by releasing an update that end users need to install. It has all been fixed behind the scenes at the server end of the equation.<\/p>\n<p>As part of <a href=\"https:\/\/msrc.microsoft.com\/blog\/2024\/06\/toward-greater-transparency-unveiling-cloud-service-cves\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/msrc.microsoft.com\/blog\/2024\/06\/toward-greater-transparency-unveiling-cloud-service-cves\/\" data-ga-track=\"ExternalLink:https:\/\/msrc.microsoft.com\/blog\/2024\/06\/toward-greater-transparency-unveiling-cloud-service-cves\/\" aria-label=\"a new move towards more transparency when it comes to revealing server-side security vulnerabilities\">a new move towards more transparency when it comes to revealing server-side security vulnerabilities<\/a>, announced by Microsoft\u2019s security response team back in June, 2024, this is a notification for users rather than a call to action. \u201cWe will issue CVEs for critical cloud service vulnerabilities,\u201d Microsoft said, \u201cregardless of whether customers need to install a patch or to take other actions to protect themselves.\u201d<\/p>\n<p>And that is the case here: \u201cThe vulnerability documented by this CVE requires no customer action to resolve,\u201d Microsoft said, \u201cthis vulnerability has already been fully mitigated by Microsoft.\u201d So, there we have it. A critical Windows Defender vulnerability fixed quietly in the background, but with full transparency from Microsoft. Now that\u2019s what good security looks like.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-6\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/10\/new-android-windows-warning-this-attack-downdates-browser-security\/\" target=\"_blank\" aria-label=\"New Android, Windows Warning\u2014Attack Erases Browser Security Updates\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/10\/new-android-windows-warning-this-attack-downdates-browser-security\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">New Android, Windows Warning\u2014Attack Erases Browser Security Updates<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/660d1b09f7df78879da1abfd\/960x0.jpg);\"\/><\/span><\/a>\n<\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/14\/new-critical-windows-defender-vulnerability-confirmed-by-microsoft\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft confirms critical Windows Defender vulnerability getty Microsoft has confirmed that a critical-rated security vulnerability that impacted Windows Defender and could allow the improper authorization of an index containing sensitive &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=137276\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-137276","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/137276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=137276"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/137276\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=137276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=137276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=137276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}