No patch for the Windows Kernel bug that lets malware avoid antivirus detection

By: Patrick Zuva

Microsoft will not be releasing a security update, even though a cyber-security research firm says it has found a bug in the PsSetLoadImageNotifyRoutine API that malware developers could use to evade detection by third-party anti-malware software. Microsoft does not believe the bug poses any security risk.

Omri Misgav, a security researcher at enSilo, discovered a ‘programming error’ in the low-level PsSetLoadImageNotifyRoutine interface that attackers could trick into letting malicious software slip past third-party antivirus products undetected.

When it works correctly, the API notifies registered drivers, including those used by third-party anti-malware software, whenever a software module is loaded into memory. Antivirus products can then use the address the API provides to track and scan the module ahead of load time. Misgav and his team found that PsSetLoadImageNotifyRoutine does not always report the correct address.

The consequence? An attacker can use the loophole to misdirect anti-malware software so that malicious code runs undetected. Microsoft says its engineers have reviewed the information enSilo provided and determined that the reported bug does not present a security threat.

enSilo itself has not tested any third-party antivirus product to confirm its fears, even though it claims that exploiting this Windows kernel bug would not take a genius. It is unclear whether Microsoft will fix the bug in a future update, or whether it has long known about it and has other safeguards in place to stop the threat.

The API itself is not new to Windows. It was first introduced in Windows 2000 and has been retained in every subsequent version, including the current Windows 10. That would seem a long time for a Windows flaw to go unexploited by malware developers.

Perhaps there has not yet been a breach through this Windows kernel bug simply because attackers had not discovered it. Well, now they know. And since Microsoft is not going to do anything about the bug, it remains to be seen what the ever-enterprising hacker community will make of this opportunity. Perhaps that will tell us whether Microsoft is right that this bug poses no security threat.
