A software bug in the Microsoft Windows kernel opens the door for malware bypassing security solutions. According to EnSilo researchers, the vulnerability is present in all versions of the OS, from Windows 2000 to Windows 10.
“Vulnerability is a software error in the Windows kernel, because of which security vendors can not determine which modules were loaded during the program run,” said EnSilo expert Omri Misgav.
The researchers found an error in the Load Image Notify Routine mechanism used by some security solutions to determine when a code was loaded into the kernel or user space.With the help of the vulnerability, an attacker can force Load Image Notify Routine to return an invalid module name and thereby issue malware for legitimate.
Experts have notified Microsoft about their discovery at the beginning of this year, but the company did not consider it a problem. Judging by some publications on the Internet, a mistake has already been known for some time. Nevertheless, the reasons for its occurrence and consequences have never been described in detail before.