Zero-day · Apr 21, 2026

Exploits Turn Windows Defender into Attacker Tool

Three PoC exploits actively target Windows Defender; two remain unpatched.

Summary

Three proof-of-concept exploits are being actively leveraged in attacks to abuse Microsoft's Windows Defender security platform, turning it into a weapon for attackers. Two of the three exploits remain unpatched, leaving systems vulnerable to this abuse vector. The attacks demonstrate a novel technique of weaponizing built-in security tools against their intended purpose.

Indicators of Compromise

  • malware — Windows Defender exploitation

Entities

  • Microsoft (vendor)
  • Windows Defender (product)