Microsoft Fixes Windows Defender Vulnerability Allowing Disk Filling

Photo: Ars Technica
Quick answer
Microsoft patched a Windows Defender vulnerability that allowed attackers to fill victims' hard drives with junk logs. The flaw impacted all Windows versions and was resolved in a routine security update.
Microsoft has released a security update to address a critical vulnerability in Windows Defender that could be exploited to overflow users' hard drives. The bug was discovered by an independent researcher under the pseudonym NightmareEclipse and allowed attackers to create an infinite stream of log files, consuming free disk space.
The vulnerability affected all current versions of the operating system, including client and server editions. Attackers could exploit the issue remotely without requiring physical access to the device. As a result, the disk would fill with junk data, leading to system and application crashes.
The fix was included in the scheduled security update released on Tuesday. Microsoft urges users to install the patch as soon as possible to avoid potential attacks. However, tensions between the company and the researcher who discovered the vulnerability continue, which may impact future interactions between the parties.
Common questions
- What vulnerability was discovered in Windows Defender?
- The vulnerability allowed attackers to generate infinite logs, consuming free disk space and potentially causing system failures due to lack of storage.
- Which Windows versions were affected?
- The issue impacted all supported Windows versions, including Windows 10, 11, and server editions.
- How did Microsoft fix the vulnerability?
- The fix was included in the monthly Patch Tuesday update. Users are advised to install security updates promptly.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml