The bug apparently affects PsSetLoadImageNotifyRoutine, one of the mechanisms security solutions use to identify whether code has been loaded into the kernel or user space. Attackers can exploit the bug so that PsSetLoadImageNotifyRoutine reports an invalid module name, which lets the attacker disguise malware as a legitimate operation.

The worst part is that the bug affects all versions of Windows released since Windows 2000, and it has been inherited by Windows 10 as well. The issue only came to light when Omri Misgav, a security researcher at enSilo, discovered it while analyzing the Windows kernel code.

PsSetLoadImageNotifyRoutine was introduced as a notification mechanism to notify app developers of newly registered drivers. The mechanism was also integrated with antivirus software to allow the detection of malware that made changes to drivers.

Microsoft, on the other hand, doesn’t see this as a potential security issue and, according to the researchers, the bug was somewhat known. Since its root cause and other details are still not available, it’s very hard to substantiate their claims.