News
Microsoft fixes a serious security issue that affected Windows Defender
The company claims that it is not necessary for users to take action
- December 16, 2024
- Updated: July 1, 2025 at 10:37 PM
Microsoft has revealed a critical vulnerability in Windows Defender that could have allowed the exposure of sensitive data over a network. The security breach, identified as CVE-2024-49071, was made public on December 12 in the company’s security update guide. According to Microsoft, users do not need to take any action, as the solution was deployed remotely on the servers.
Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.
Subscribe (it's FREE) ►The problem was that Windows Defender created an “index of private or sensitive document searches” without adequately limiting access to it. This, according to the Debricked vulnerability database, could have allowed unauthorized actors to access confidential information. Although the complexity of the attack was low, exploiting it required some prior access to Windows Defender. Fortunately, no cases of exploitation of this vulnerability have been reported so far.
Microsoft has clarified that the vulnerability has already been completely fixed and that users do not need to install patches or make adjustments. This strategy, although unusual for a critical vulnerability, reflects a new approach by the company towards transparency in security matters. Since June 2024, Microsoft has committed to notifying users about critical vulnerabilities in cloud services, even when it is not necessary for them to take direct action.
“We will issue CVEs for critical vulnerabilities in cloud services, regardless of whether customers need to install a patch or take other measures to protect themselves,” stated Microsoft mid-year. This approach aims to strengthen trust in the company by proactively reporting on issues that have already been resolved.
In this case, Microsoft states that “the vulnerability documented by this CVE does not require any customer action to be resolved” and added that “it has already been fully mitigated.”
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Latest from Pedro Domínguez
You may also like
NewsKingdom Hearts receives a Spanish voiceover in the form of a mod
Read more
NewsDeath Stranding 2 reaches 2 million copies sold thanks to its release on PC
Read more
NewsPlayStation 5 receives a significant price increase, which could affect the next generation of consoles according to analysts
Read more
NewsThe Tomb Raider series is put on hold due to a serious injury of one of its actresses
Read more
NewsSergio Leone was about to not direct one of his most iconic films
Read more
NewsProject Hail Mary takes the top spot at the box office in China
Read more