So this a remote vulnerability, but no execution just information access? The CVE and Microsoft are not clear about it (or I am bad at reading).
According to the Debricked vulnerability database, CVE-2024-49071 the issue arose because Windows Defender created a “search index of private or sensitive documents,” but it did not “properly limit index access to actors who are authorized to see the original information.”
Here’s microsoft’s info: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49071
MS says they mitigated it without user intervention. Allegedly someone with privileges for Windows Defender could access an index file and send file contents over a network. I couldn’t tell if the file contents were just the index itself or file contents from elsewhere on the machine but I think it’s the former.
Anyway, MS says it’s fixed and pay no attention to the man behind the curtain.
Probably found it when a computer was just sending Recall images out to a C&C server. Nothing to see here! xD
“The vulnerability documented by this CVE requires no customer action to resolve,” Microsoft said, “this vulnerability has already been fully mitigated by Microsoft.” So, there we have it. A critical Windows Defender vulnerability fixed quietly in the background, but with full transparency from Microsoft. Now that’s what good security looks like.
HAHAHAHAHahahahahahahaha
The source article is state run media