News
Microsoft fixes a serious security issue that affected Windows Defender
The company claims that it is not necessary for users to take action
- December 16, 2024
- Updated: July 1, 2025 at 10:37 PM
Microsoft has revealed a critical vulnerability in Windows Defender that could have allowed the exposure of sensitive data over a network. The security breach, identified as CVE-2024-49071, was made public on December 12 in the company’s security update guide. According to Microsoft, users do not need to take any action, as the solution was deployed remotely on the servers.
Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.
Subscribe (it's FREE) ►The problem was that Windows Defender created an “index of private or sensitive document searches” without adequately limiting access to it. This, according to the Debricked vulnerability database, could have allowed unauthorized actors to access confidential information. Although the complexity of the attack was low, exploiting it required some prior access to Windows Defender. Fortunately, no cases of exploitation of this vulnerability have been reported so far.
Microsoft has clarified that the vulnerability has already been completely fixed and that users do not need to install patches or make adjustments. This strategy, although unusual for a critical vulnerability, reflects a new approach by the company towards transparency in security matters. Since June 2024, Microsoft has committed to notifying users about critical vulnerabilities in cloud services, even when it is not necessary for them to take direct action.
“We will issue CVEs for critical vulnerabilities in cloud services, regardless of whether customers need to install a patch or take other measures to protect themselves,” stated Microsoft mid-year. This approach aims to strengthen trust in the company by proactively reporting on issues that have already been resolved.
In this case, Microsoft states that “the vulnerability documented by this CVE does not require any customer action to be resolved” and added that “it has already been fully mitigated.”
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Latest from Pedro Domínguez
You may also like
NewsThis is the game that no one expected anything from, but it's blowing up on Steam
Read more
NewsRevolut requests a banking license in the US amid expansion plans
Read more
NewsDaisy Edgar-Jones in final negotiations to star in the adaptation of this young adult book
Read more
NewsThese are the first confirmed stars that will appear at the Oscars
Read more
NewsThe series with the most potential on Disney+ is renewed for a third season
Read more
NewsFinally, we have the hilarious trailer for season 2 of one of the best Netflix series
Read more