News
Microsoft fixes a serious security issue that affected Windows Defender
The company claims that it is not necessary for users to take action
- December 16, 2024
- Updated: July 1, 2025 at 10:37 PM
Microsoft has revealed a critical vulnerability in Windows Defender that could have allowed the exposure of sensitive data over a network. The security breach, identified as CVE-2024-49071, was made public on December 12 in the company’s security update guide. According to Microsoft, users do not need to take any action, as the solution was deployed remotely on the servers.
Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.
Subscribe (it's FREE) ►The problem was that Windows Defender created an “index of private or sensitive document searches” without adequately limiting access to it. This, according to the Debricked vulnerability database, could have allowed unauthorized actors to access confidential information. Although the complexity of the attack was low, exploiting it required some prior access to Windows Defender. Fortunately, no cases of exploitation of this vulnerability have been reported so far.
Microsoft has clarified that the vulnerability has already been completely fixed and that users do not need to install patches or make adjustments. This strategy, although unusual for a critical vulnerability, reflects a new approach by the company towards transparency in security matters. Since June 2024, Microsoft has committed to notifying users about critical vulnerabilities in cloud services, even when it is not necessary for them to take direct action.
“We will issue CVEs for critical vulnerabilities in cloud services, regardless of whether customers need to install a patch or take other measures to protect themselves,” stated Microsoft mid-year. This approach aims to strengthen trust in the company by proactively reporting on issues that have already been resolved.
In this case, Microsoft states that “the vulnerability documented by this CVE does not require any customer action to be resolved” and added that “it has already been fully mitigated.”
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Latest from Pedro Domínguez
You may also like
NewsHow 'Star Wars' helped shape 'Masters of the Universe': without George Lucas we wouldn't have a new movie
Read more
NewsThe third season of the Superman series that you don't know you're missing arrives on HBO Max
Read more
NewsThe spin-offs of 'Rick and Morty' that even the biggest fans haven't seen and that add up to almost 6 hours
Read more
NewsBest World Cup 2026 Predictor Apps, Tested on the 48-Team Tournament Format
Read more
NewsThe director who defends Harvey Weinstein in her own way: "I hate to say it, but I loved cinema"
Read more
NewsNintendo has made a realistic remake of The Legend of Zelda: Ocarina of Time: here are 5 other games it could make next
Read more