msdt-follina
Can we bypass Windows Defender?
Can we use the malicious Word document and bypass Windows Defender?
My educated guess is: until Microsoft themselves resolve the zero-day, it will remain undetected by Windows Defender. I'm probably wrong though.
You can also read this: https://www.trellix.com/en-sg/about/newsroom/stories/threat-labs/follina-microsoft-office-zero-day-cve-2022-30190.html#:~:text=The%20'Follina'%20zero%2Dday,can%20bypass%20Windows%20Defender%20detection.
John Hammond has already submitted the fault to the Microsoft team, and if the system is up to date, Windows will surely detect the vulnerability.
@lakshya2207 Ah ok, thanks for letting us know!
Hi
I tried the exploit and I have a question now:
The exploit works when Windows Defender is off. Does it mean the vulnerability still exists in the msdt service, and Windows prevents it just using Defender? If so, what would happen if we obfuscate the HTML payload? Does it bypass the antivirus? How is Defender preventing this exploit? Is it signature based, or does it prevent calling msdt through the web?
This is the message I got from the Windows antivirus:
Is there a way to change html_payload in the code ?
@ElizabethHanson1999 I tried it. I tried obfuscating the HTML payload, but Windows Defender caught any PowerShell commands, so it is not effective.
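The thread asks whether protection depends only on Defender's signatures or on blocking the msdt call itself. As an added example, not part of this thread or of the msdt-follina project, the following PowerShell shows the workaround Microsoft published for CVE-2022-30190: it checks whether the `ms-msdt` URL protocol handler is still registered (so Office can hand a URL to msdt at all), exports the key as a backup, and then removes it. This removes the handler path regardless of antivirus coverage. `$BackupPath` and the function names are assumptions chosen here; run it from an elevated prompt.

```powershell
# Added example (not from this thread): check for and remove the ms-msdt URL protocol
# handler, the published workaround for CVE-2022-30190. Requires an elevated prompt.

$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg"   # assumed location; adjust as needed

function Test-MsdtHandler {
    # Returns $true when HKCR\ms-msdt exists, i.e. ms-msdt: URLs can still launch msdt.exe
    Test-Path 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandler)) {
        Write-Output 'ms-msdt handler already absent; nothing to do.'
        return
    }
    # Back up first so the handler can be restored later with: reg import <backup file>
    reg.exe export HKEY_CLASSES_ROOT\ms-msdt $BackupPath /y | Out-Null
    reg.exe delete HKEY_CLASSES_ROOT\ms-msdt /f | Out-Null
    Write-Output "ms-msdt handler removed; backup written to $BackupPath"
}

# Report current state, then apply the workaround
if (Test-MsdtHandler) { Write-Output 'ms-msdt handler is registered.' }
Disable-MsdtHandler
```

After the key is gone, `Test-MsdtHandler` returns `$false`; restoring the exported `.reg` file with `reg import` re-enables the handler once a patched msdt is in place.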