Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there.
The issue has persisted for at least eight years, according to some users, and affects Windows 10 21H1 and Windows 10 21H2.
Lax permissions
Like any antivirus solution, Microsoft Defender lets users add locations (local or on the network) on their systems that should be excluded from malware scans.
People commonly make exclusions to prevent antivirus from affecting the functionality of legitimate applications that are erroneously detected as malware.
Source: BleepingComputers