No patch for the Windows Kernel bug
Written by Wayne   
Thursday, 14 September 2017 17:05

Microsoft will not be releasing a security update, despite a cyber security research firm's claim that it has discovered a bug in the PsSetLoadImageNotifyRoutine API that malware developers could use to evade detection by third-party anti-malware software. The company does not believe the bug poses any security risk.

Omri Misgav, a security researcher at enSilo, discovered what he describes as a ‘programming error’ in the low-level interface PsSetLoadImageNotifyRoutine that could let malicious software slip past third-party antivirus products undetected. When the API works correctly, it notifies registered drivers, including those used by third-party anti-malware software, whenever an executable image (a program or a DLL) is mapped into memory. Antivirus drivers use the information passed with that notification to identify the module and scan it before it runs. Misgav and his team found that the file path the kernel reports for the loaded module is not always the correct one. The consequence is that a crafty attacker can use the loophole to misdirect anti-malware software and allow malicious code to run undetected.

Microsoft says its engineers have reviewed the information provided by enSilo and determined that the reported bug does not present a security threat. enSilo has not tested any third-party antivirus to prove its fears, although it maintains that exploiting the bug would not take a genius. It is unclear whether Microsoft will fix the bug in a future update, or whether it has known about the behaviour all along and relies on other safeguards to contain the threat.

The API itself is not new to Windows. It was introduced in Windows 2000 and has been retained in every version since, including the current Windows 10. That would seem a long time for a Windows flaw to go unexploited by malware developers.
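The failure mode described above, as an added illustration that is not code from the article, from enSilo or from Microsoft: a user-mode C model (not a kernel driver) of a scanner that receives load notifications of the shape a load-image callback sees, a reported path plus the base address and size of the mapped image, and must decide whether to scan. The sample image bytes, the allow-listed path `C:\Windows\System32\benign.dll` and the two policies (`naive_should_scan`, `hardened_should_scan`) are constructed for the example. The second notification carries a wrong, stale path for a malicious image, which is the case the article is about.

```c
/* Added illustration (user-mode C, not kernel code and not the article's,
 * enSilo's or Microsoft's code): a scanner receiving load notifications of
 * the shape a load-image callback gets (reported path, image base, image
 * size) and deciding whether to scan.  Sample images, the allow-listed
 * path and both policies are constructed for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char    *full_image_name; /* path the notification claims; may be wrong */
    const uint8_t *image_base;      /* bytes that were actually mapped */
    size_t         image_size;
} load_notification;

/* FNV-1a (64-bit) over the mapped bytes; stands in for a real content hash. */
static uint64_t hash_image(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Constructed sample images (stand-ins for real PE files). */
static const uint8_t BENIGN_IMAGE[]  = "MZ benign helper library v1";
static const uint8_t MALWARE_IMAGE[] = "MZ dropper stage two";

#define TRUSTED_PATH "C:\\Windows\\System32\\benign.dll"

/* Honest notification: the benign library, reported under its real path. */
const load_notification HONEST_BENIGN = {
    TRUSTED_PATH, BENIGN_IMAGE, sizeof BENIGN_IMAGE
};

/* The failure mode modelled here: malware is mapped, but the notification
 * still carries the trusted library's path. */
const load_notification SPOOFED_MALWARE = {
    TRUSTED_PATH, MALWARE_IMAGE, sizeof MALWARE_IMAGE
};

/* Naive policy: trust the reported path and skip allow-listed modules.
 * Returns 1 if the module should be scanned, 0 if it is skipped. */
int naive_should_scan(const load_notification *n) {
    return strcmp(n->full_image_name, TRUSTED_PATH) != 0;
}

/* Hardened policy: the reported path is advisory only; the skip decision is
 * keyed on a content hash of the bytes that were actually mapped. */
int hardened_should_scan(const load_notification *n) {
    uint64_t known_good = hash_image(BENIGN_IMAGE, sizeof BENIGN_IMAGE);
    return hash_image(n->image_base, n->image_size) != known_good;
}

int main(void) {
    const char *labels[] = { "honest benign load", "spoofed malware load" };
    const load_notification *loads[] = { &HONEST_BENIGN, &SPOOFED_MALWARE };
    for (size_t i = 0; i < 2; i++) {
        printf("%-20s reported=%s naive=%s hardened=%s\n", labels[i],
               loads[i]->full_image_name,
               naive_should_scan(loads[i]) ? "scan" : "skip",
               hardened_should_scan(loads[i]) ? "scan" : "skip");
    }
    return 0;
}
```

The naive policy skips the spoofed load because the only thing it looks at is the path string, which is exactly the misdirection the article describes; the hardened policy scans it because the mapped bytes are not the allow-listed library. In a real driver registered with PsSetLoadImageNotifyRoutine the equivalent of this check is to derive the module's identity from the image base and size and, on versions that pass the extended notification structure, from the file object it contains, rather than from the name string alone; that recommendation is the editor's, not something the article states.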