• Alphane Moon@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    So this a remote vulnerability, but no execution just information access? The CVE and Microsoft are not clear about it (or I am bad at reading).

    • Optional@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 days ago

      According to the Debricked vulnerability database, CVE-2024-49071 the issue arose because Windows Defender created a “search index of private or sensitive documents,” but it did not “properly limit index access to actors who are authorized to see the original information.”

  • WagnasT@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    Here’s microsoft’s info: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49071

    MS says they mitigated it without user intervention. Allegedly someone with privileges for Windows Defender could access an index file and send file contents over a network. I couldn’t tell if the file contents were just the index itself or file contents from elsewhere on the machine but I think it’s the former.

    Anyway, MS says it’s fixed and pay no attention to the man behind the curtain.

    • Talaraine@fedia.io
      link
      fedilink
      arrow-up
      0
      ·
      7 days ago

      Probably found it when a computer was just sending Recall images out to a C&C server. Nothing to see here! xD

  • Optional@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 days ago

    “The vulnerability documented by this CVE requires no customer action to resolve,” Microsoft said, “this vulnerability has already been fully mitigated by Microsoft.” So, there we have it. A critical Windows Defender vulnerability fixed quietly in the background, but with full transparency from Microsoft. Now that’s what good security looks like.

    HAHAHAHAHahahahahahahaha