Microsoft Defender, a built-in antivirus in the Windows 10 operating system is now able to download files from the web. A recent update to Windows 10’s built-in Microsoft Defender antivirus now brings a new capability, which allows users to download files from the Internet. As a result, Microsoft Defender’s updated built-in command-line MpCmdRun.exe tool could be potentially misused and abused by attackers,according to some security researchers.
MpCmdRun.exe gets a new -DownloadFile command-line argument
Attackers could potentially use this tool as a living-off-the-land binary (LOLBin), and with the right privileges, attackers can bypass traditional security defenses of the Windows 10 operating system.
MpCmdRun.exe helps users configure and manage Microsoft Defender using the command-line tool. The tool MpCmdRun.exe can not only automate Microsoft Antimalware Service but it can also perform troubleshooting.
“Well, you can download a file from the internet using Windows Defender itself,” said security researcher Mohammad Askar.
Askar claimed he could download Cobalt Stike’s Beacon malware payload with the help of MpCmdRun.exe’s new -DownloadFile command-line argument.
Are you looking to run Microsoft Defender from Command Line? All you need to do is open the command prompt as an administrator.
"%ProgramFiles%Windows DefenderMpCmdRun.exe"
Here’s how you can download your file using Microsoft Defender’s command-line tool:
"%ProgramFiles%Windows DefenderMpCmdRun.exe -DownloadFile -url [url] -path [local-path]"
This feature might have been added to Microsoft Defender in version 4.18.2008.9.
Microsoft Defender is programmed to detect malicious files downloaded using the command-line MpCmdRun.exe tool. Meanwhile, it remains to be seen whether or not the tool impacts the working of other Antivirus software.
For example, other than the Defender, other Antivirus software should be able to flag and safeguard Windows 10 computers against the malicious files downloaded with MpCmdRun.exe.