News
Microsoft fixes a serious security issue that affected Windows Defender
The company claims that it is not necessary for users to take action
- December 16, 2024
- Updated: July 1, 2025 at 10:37 PM
Microsoft has revealed a critical vulnerability in Windows Defender that could have allowed the exposure of sensitive data over a network. The security breach, identified as CVE-2024-49071, was made public on December 12 in the company’s security update guide. According to Microsoft, users do not need to take any action, as the solution was deployed remotely on the servers.
Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.
Subscribe (it's FREE) ►The problem was that Windows Defender created an “index of private or sensitive document searches” without adequately limiting access to it. This, according to the Debricked vulnerability database, could have allowed unauthorized actors to access confidential information. Although the complexity of the attack was low, exploiting it required some prior access to Windows Defender. Fortunately, no cases of exploitation of this vulnerability have been reported so far.
Microsoft has clarified that the vulnerability has already been completely fixed and that users do not need to install patches or make adjustments. This strategy, although unusual for a critical vulnerability, reflects a new approach by the company towards transparency in security matters. Since June 2024, Microsoft has committed to notifying users about critical vulnerabilities in cloud services, even when it is not necessary for them to take direct action.
“We will issue CVEs for critical vulnerabilities in cloud services, regardless of whether customers need to install a patch or take other measures to protect themselves,” stated Microsoft mid-year. This approach aims to strengthen trust in the company by proactively reporting on issues that have already been resolved.
In this case, Microsoft states that “the vulnerability documented by this CVE does not require any customer action to be resolved” and added that “it has already been fully mitigated.”
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Latest from Pedro Domínguez
- Fraudulent Websites Are on the Rise: Here’s How Avast Free Antivirus Keeps You Safe
- Unplug This Summer Without Compromising Your Digital Security — Get Protected with Avast Free Antivirus
- Have You Ever Stopped to Think About How Much Personal Information You Share Online Every Day?
- National Streaming Day: How On-Demand Entertainment Has Redefined Our Viewing Habits
You may also like
NewsThis series starring Kristen Bell and Adam Brody returns to Netflix with its second season
Read more
News8,424 cryptocurrency wallets are stolen due to a cybersecurity issue
Read more
NewsIf you're missing wacky humor in Borderlands 4, this modder is the reason it hasn't been there and for it to come back
Read more
NewsIt’s the new French series that everyone is talking about and it will premiere very soon on Apple TV+
Read more
NewsThe Yakuza saga confirms a remake of its most polarizing installment among fans
Read more
NewsOne of the great classics of the 2000s video game will receive a remaster worthy of its legend
Read more