#Windows Defender

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.19100.5 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users,...

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.19100.5 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users,...

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.18700.3 See Manage Updates Baselines Microsoft Defender Antivirus for more information. *Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?* Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. *Why is no action required to install this update?* In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the de...

<p><a href="http://2.bp.blogspot.com/-Lc-pMQxsfVg/YTVKVhCUJqI/AAAAAAAAt1I/Hsik9IJaHQENyEWH7b1bKIx-2vjj3ttNwCK4BGAYYCw/s1600/ntlm_theft_1_example-run-781145.png" style="text-align: center;"><img alt="" border="0" height="336" id="BLOGGER_PHOTO_ID_7004586528950462114" src="http://2.bp.blogspot.com/-Lc-pMQxsfVg/YTVKVhCUJqI/AAAAAAAAt1I/Hsik9IJaHQENyEWH7b1bKIx-2vjj3ttNwCK4BGAYYCw/w640-h336/ntlm_theft_1_example-run-781145.png" width="640" /></a></p><p><br /></p> <p>A tool for generating multiple types of NTLMv2 hash theft files.</p> <p>ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the internal network.</p> <p>The benefits of these file types over say macro based documents or exploit documents are that all of these are built using "intended functionality". None were flagged by <a href="https://www.kitploit.com/se...