Microsoft downplays alarm over Windows Defender 'flaw'

Missing Semicolon Silver badge
Unhappy

The revelation...

is that Defender doesn't scan the executable as it is loaded by CreateProcess, but separately opens the file, scans the data it finds, then allows CreateProcess to continue.

This is ripe for exploitation by anything that can also hook file system reads.
