Reply to thread

Message

<blockquote data-quote="Andy Ful" data-source="post: 903933" data-attributes="member: 32260">From what I know, Microsoft does not recognize it as a vulnerability and will probably do nothing.MpCmdRun.exe is not a WD engine. It is an administrative command-line tool to automate some WD tasks. <ol>
<li data-xf-list-type="ol">This tool is in the Windows system independently of installed AV, so the issue is not related to WD but to all AVs (and all security solutions).</li>
<li data-xf-list-type="ol">You can use it in the current version to download any file, but this file will be checked by an installed AV. </li>
<li data-xf-list-type="ol">MpCmdRun.exe is a kind of LOLBin and there are many LOLBins in Windows that can do the same or more - Microsoft does not recognize them as vulnerabilities, too.</li>
</ol>Anyway, in my opinion, adding another LOLBin to tenths of already existing LOLBins is stupid. Furthermore, it would be easy for MS to check if the downloaded file is an update to remove the LOLBin feature.</blockquote>

[QUOTE="Andy Ful, post: 903933, member: 32260"] From what I know, Microsoft does not recognize it as a vulnerability and will probably do nothing. MpCmdRun.exe is not a WD engine. It is an administrative command-line tool to automate some WD tasks. [LIST=1] [*]This tool is in the Windows system independently of installed AV, so the issue is not related to WD but to all AVs (and all security solutions). [*]You can use it in the current version to download any file, but this file will be checked by an installed AV. [*]MpCmdRun.exe is a kind of LOLBin and there are many LOLBins in Windows that can do the same or more - Microsoft does not recognize them as vulnerabilities, too. [/LIST] Anyway, in my opinion, adding another LOLBin to tenths of already existing LOLBins is stupid. Furthermore, it would be easy for MS to check if the downloaded file is an update to remove the LOLBin feature. [/QUOTE]

Verification