News
Microsoft fixes a serious security issue that affected Windows Defender
The company claims that it is not necessary for users to take action
- December 16, 2024
- Updated: December 16, 2024 at 5:51 PM
Microsoft has revealed a critical vulnerability in Windows Defender that could have allowed the exposure of sensitive data over a network. The security breach, identified as CVE-2024-49071, was made public on December 12 in the company’s security update guide. According to Microsoft, users do not need to take any action, as the solution was deployed remotely on the servers.
Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.
Subscribe (it's FREE) ►The problem was that Windows Defender created an “index of private or sensitive document searches” without adequately limiting access to it. This, according to the Debricked vulnerability database, could have allowed unauthorized actors to access confidential information. Although the complexity of the attack was low, exploiting it required some prior access to Windows Defender. Fortunately, no cases of exploitation of this vulnerability have been reported so far.
Microsoft has clarified that the vulnerability has already been completely fixed and that users do not need to install patches or make adjustments. This strategy, although unusual for a critical vulnerability, reflects a new approach by the company towards transparency in security matters. Since June 2024, Microsoft has committed to notifying users about critical vulnerabilities in cloud services, even when it is not necessary for them to take direct action.
“We will issue CVEs for critical vulnerabilities in cloud services, regardless of whether customers need to install a patch or take other measures to protect themselves,” stated Microsoft mid-year. This approach aims to strengthen trust in the company by proactively reporting on issues that have already been resolved.
In this case, Microsoft states that “the vulnerability documented by this CVE does not require any customer action to be resolved” and added that “it has already been fully mitigated.”
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Latest from Pedro Domínguez
- Meta is willing to do whatever it takes to prevent OpenAI from becoming a for-profit company
- Optimizing Your PC for the Holidays with CCleaner Free
- Microsoft improves the integration between iPhone and Windows with Phone Link
- Instagram launches a new type of Reels that will only be shared with people who don't follow you
You may also like
Meta is willing to do whatever it takes to prevent OpenAI from becoming a for-profit company
Read more
ChatGPT 01 vs 4.0: What are the differences and when should we use one or the other
Read more
This miniseries based on real events has unexpectedly made it into the top of Netflix's most-watched list
Read more
Optimizing Your PC for the Holidays with CCleaner Free
Read more
How to Avoid Malware Infections from Holiday Greetings and Electronic Christmas Cards
Read more
How to Identify and Avoid Holiday Phishing Scams
Read more