Three unpatched vulnerabilities in Windows Defender are now being used by hackers to breach corporate networks, a cybersecurity firm reported on Wednesday. The flaws were disclosed earlier this week by a security researcher who also published proof-of-concept code. Within days, attackers began incorporating the exploits into real-world campaigns targeting organizations.
The vulnerabilities affect Microsoft Defender Antivirus, the antivirus software installed and enabled by default on most Windows systems. They allow remote code execution when the antivirus engine processes a specially crafted file sent to a vulnerable machine. The cybersecurity firm Sophos confirmed that it has observed active exploitation attempts against multiple clients in Europe and North America.
Researchers at Sophos emphasized that the flaws remain unpatched as of this report. Microsoft has not issued an official fix, though the company acknowledged receipt of the vulnerability details. The tech giant typically releases security updates on the second Tuesday of each month, but no patch is currently scheduled for these issues. One caveat for defenders: Defender engine and platform updates are delivered through the security intelligence update channel rather than only with the monthly Patch Tuesday rollup, so a fix could arrive out of band, and the engine version on each host is the thing to watch rather than the monthly update cycle.
The disclosure of the vulnerabilities and exploit code has accelerated the timeline for potential attacks. Cybercriminals often scan for newly published flaws within hours of public disclosure. In this case, the availability of working exploit code removed the need for attackers to develop their own tools.
Security teams are urged to apply temporary mitigations if possible. These include disabling specific features in Windows Defender and monitoring network traffic for signs of exploitation; the report does not name the features involved. Disabling scanning components also reduces protection against everything else Defender would have caught, so any such change should be scoped, recorded, and reverted once a fix ships. Experts warn that without an official patch, organizations remain exposed to significant risk.
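An added example, not part of the article and not guidance from Sophos or Microsoft: a PowerShell snapshot of the Defender engine, platform and signature versions together with the settings a temporary mitigation would most likely touch, taken with the built-in Defender module cmdlets Get-MpComputerStatus and Get-MpPreference. Comparing two snapshots shows whether an engine update has landed on a host and whether a mitigation was applied or reverted. The baseline file path is an assumption.

```powershell
# Added example (not from the article). Records the Defender state that matters
# while an engine flaw is unpatched: engine/platform/signature versions and the
# scanning settings a temporary mitigation would change. Run it once to create a
# baseline, then again after each update or settings change to see what moved.

function Get-DefenderBaseline {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    [pscustomobject]@{
        Host                    = $env:COMPUTERNAME
        Timestamp               = (Get-Date).ToString('o')
        EngineVersion           = $status.AMEngineVersion           # changes when an engine fix ships
        PlatformVersion         = $status.AMProductVersion
        SignatureVersion        = $status.AntivirusSignatureVersion
        SignatureLastUpdated    = $status.AntivirusSignatureLastUpdated
        RealTimeProtection      = $status.RealTimeProtectionEnabled
        IOAVProtectionDisabled  = $pref.DisableIOAVProtection       # scanning of downloads and attachments
        ArchiveScanningDisabled = $pref.DisableArchiveScanning
        EmailScanningDisabled   = $pref.DisableEmailScanning
        ExclusionPaths          = @($pref.ExclusionPath) -join ';'
        ExclusionExtensions     = @($pref.ExclusionExtension) -join ';'
    }
}

function Compare-DefenderBaseline {
    param(
        [Parameter(Mandatory)] [pscustomobject] $Before,
        [Parameter(Mandatory)] [pscustomobject] $After
    )
    # Emit one row per property whose value differs; Timestamp always differs, so skip it.
    foreach ($name in $Before.PSObject.Properties.Name) {
        if ($name -eq 'Timestamp') { continue }
        if ("$($Before.$name)" -ne "$($After.$name)") {
            [pscustomobject]@{ Property = $name; Before = $Before.$name; After = $After.$name }
        }
    }
}

# Usage. The baseline location is an assumption; pick one your inventory tooling collects.
$baselineFile = Join-Path $env:ProgramData "defender-baseline-$env:COMPUTERNAME.xml"
$current = Get-DefenderBaseline

if (Test-Path $baselineFile) {
    $previous = Import-Clixml $baselineFile
    $changes  = Compare-DefenderBaseline -Before $previous -After $current
    if ($changes) { $changes | Format-Table -AutoSize } else { "No change since $($previous.Timestamp)" }
}

$current | Export-Clixml $baselineFile
```

Because the file parsers live in the engine, EngineVersion is the field to watch for a fix; a new SignatureVersion on its own does not mean the engine changed. The exclusion and scanning fields double as a record of any temporary mitigation, so the same comparison shows when it has been reverted.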
Source: techcrunch.com