A newly disclosed vulnerability in Windows Defender, dubbed RedSun, stems from a quirk in how the antivirus handles files tagged with a cloud marker: instead of removing a detected malicious file, Defender writes it back to its original location. A proof-of-concept abuses this behavior to overwrite system files and escalate privileges to administrator level.

From github.com