CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.
Researchers at CyberArk Labs have devised what they claimed is a relatively simple way for attackers to sneak known malware past Windows Defender and get it to execute on devices running Windows 10 and Windows 8.1.
The tactic will likely work against other anti-virus tools as well, CyberArk said in an advisory Thursday. But for the moment it has only been tested and shown to work against Windows Defender. As many as 480 million devices with Windows Defender are completely unprotected against attacks that use the approach, the security vendor warned.