Bad Combination

13th January 2021
Microsoft Defender Remote Code Execution Vulnerability CVE-2021-1647

This is what many security professionals have been dreading. M$ Defender is on by default on all builds, installing patches turns it back on, and some companies force it to be on. It has system-level authority, which is 1 level better than administrator. Combine that with the unwillingness to patch servers for fear of breaking them and this is the worst possible combination. Which is why Microsoft is trying to sandbox Defender.