A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says.
Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.
Because the anti-virus process typically has System permissions, the malicious file is restored to a location other than its original folder (such as the Program Files or Windows folders), where it could run with higher privileges.
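The restore behaviour described above suggests a simple defensive check: flag any quarantine restore of a DLL whose destination differs from the path it was quarantined from and falls under a protected directory. The following is an added example, not code from the article or from any anti-virus product; the event field names (`action`, `original_path`, `restored_path`) and the sample log are constructed assumptions.

```python
import ntpath

# Protected targets taken from the article's examples (Program Files, Windows).
PROTECTED_ROOTS = (r"C:\Program Files", r"C:\Windows")

def _norm(path):
    # Case-insensitive, separator-normalised Windows path; works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")

def suspicious_restores(events):
    """Return restore events where a DLL comes back at a different path
    than it was quarantined from and lands in a protected directory."""
    hits = []
    for ev in events:
        if ev["action"] != "restore":
            continue
        target = ev["restored_path"]
        moved = _norm(ev["original_path"]) != _norm(target)
        protected = any(_under(target, root) for root in PROTECTED_ROOTS)
        if moved and protected and _norm(target).endswith(".dll"):
            hits.append(ev)
    return hits

# Constructed sample events in a hypothetical quarantine audit-log format.
SAMPLE_EVENTS = [
    {"action": "quarantine",
     "original_path": r"C:\Users\alice\Downloads\helper.dll", "restored_path": ""},
    # Benign: restored to where it came from.
    {"action": "restore",
     "original_path": r"C:\Users\alice\Downloads\helper.dll",
     "restored_path": r"C:\Users\alice\Downloads\helper.dll"},
    # Suspicious: user-writable origin, protected destination.
    {"action": "restore",
     "original_path": r"C:\Users\bob\Desktop\version.dll",
     "restored_path": r"C:\Program Files\ExampleApp\version.dll"},
    # Benign: same location, only case and separators differ.
    {"action": "restore",
     "original_path": r"C:\Windows\Temp\report.dll",
     "restored_path": "c:/windows/temp/REPORT.DLL"},
]

if __name__ == "__main__":
    for ev in suspicious_restores(SAMPLE_EVENTS):
        print("ALERT:", ev["original_path"], "->", ev["restored_path"])
```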