Slashdot Mirror


Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com)

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
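The summary above says the image-load notification can hand a security product an invalid module name. The block below is an added example, not enSilo's or Microsoft's code: it models one load-image event as a dict and applies the defender-side rule that follows from the story, namely that the reported name alone must never decide trust. The on-disk contents, hashes and events are constructed, and the `mapped_sha256` field is an assumed stand-in for hashing the image actually mapped into the process rather than whatever file the reported name points at.

```python
"""Sanity-checking image-load notifications (added example, constructed data)."""
import hashlib
import ntpath


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed on-disk view: NT path -> file contents
FAKE_DISK = {
    r"C:\Windows\System32\ntdll.dll": b"MZ-constructed-ntdll",
    r"C:\Users\alice\AppData\Local\Temp\dropper.dll": b"MZ-constructed-dropper",
}
TRUSTED_HASHES = {sha256_hex(FAKE_DISK[r"C:\Windows\System32\ntdll.dll"])}


def is_well_formed_nt_path(name):
    """Accept 'X:\\...' or '\\Device\\...'; reject empty, relative or bare names."""
    if len(name) >= 3 and name[0].isalpha() and name[1:3] == ":\\":
        return True
    return name.startswith("\\Device\\")


def classify(event, disk=FAKE_DISK, trusted=TRUSTED_HASHES):
    """Return a verdict string for one load-image event (a constructed dict)."""
    name = event.get("full_image_name") or ""
    if not is_well_formed_nt_path(name):
        # The callback gave us something that is not a full path at all.
        return "suspicious:malformed-name"
    data = disk.get(ntpath.normpath(name))
    if data is None:
        # A well-formed name that resolves to nothing on disk is not "benign".
        return "suspicious:unresolvable-name"
    on_disk = sha256_hex(data)
    mapped = event.get("mapped_sha256")  # assumed: hash of the mapped image
    if mapped is not None and mapped != on_disk:
        # Name says one file, mapped bytes say another: do not trust the name.
        return "suspicious:name-content-mismatch"
    return "trusted" if on_disk in trusted else "unknown-but-verified"


SAMPLE_EVENTS = [  # constructed events, one per case the checks cover
    {"pid": 4321, "full_image_name": r"C:\Windows\System32\ntdll.dll",
     "mapped_sha256": sha256_hex(b"MZ-constructed-ntdll")},
    {"pid": 4321, "full_image_name": r"C:\Windows\System32\..\System32\ntdll.dll",
     "mapped_sha256": sha256_hex(b"MZ-constructed-ntdll")},
    {"pid": 4321, "full_image_name": "ntdll.dll"},
    {"pid": 4321, "full_image_name": r"\Device\HarddiskVolume2\nope.dll"},
    {"pid": 4321, "full_image_name": r"C:\Windows\System32\ntdll.dll",
     "mapped_sha256": sha256_hex(b"MZ-constructed-dropper")},
    {"pid": 4321, "full_image_name": r"C:\Users\alice\AppData\Local\Temp\dropper.dll",
     "mapped_sha256": sha256_hex(b"MZ-constructed-dropper")},
]


def run_demo(events=SAMPLE_EVENTS):
    """Classify every sample event; returns the list of verdicts in order."""
    return [classify(e) for e in events]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, run_demo()):
        print(f"{event['full_image_name']!r:60} -> {verdict}")
```

The point of the ordering is that a malformed or unresolvable name is surfaced as a finding rather than silently dropped, and that a name which does resolve is still cross-checked against what was actually mapped.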

2 of 75 comments

  1. Windows is full of old bugs by Anonymous Coward · Score: 5, Interesting

    Microsoft has never bothered to fix anything to do with Unicode search, either. Try this out at home, kids:

    • Paste "Español" into a Notepad window and save it into Unicode, Unicode big-endian, UTF-8 and ANSI text files.
    • Try using Windows Explorer to search for Español in that folder - no matches.
    • Open a Command Prompt and run: findstr "Español" *.txt - no matches.
    • Open a Command Prompt and run: find "Español" *.txt - at least it finds the Unicode little-endian file.

    It's been this way since Microsoft introduced UCS-2 in Windows NT4 and UTF-16 in Windows 2000. They don't consider it a bug so they won't acknowledge it requires a fix.
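The four files in the comment above are the same text in four byte layouts, which is why a tool that compares raw bytes against a search string in one encoding cannot match the others. The block below is an added example, not the commenter's code and not a reproduction of Explorer, findstr or find: it writes "Español" in the four layouts named (Notepad's "Unicode" is UTF-16 LE with a BOM, "Unicode big-endian" is UTF-16 BE with a BOM, UTF-8 with a BOM, and "ANSI" assumed to be cp1252), then compares a naive byte search, modelled as searching for the cp1252 bytes of the needle, with a BOM-sniffing decode-then-search. The sample files are constructed in a temporary directory.

```python
"""Encoding-aware text search (added example; sample files are constructed)."""
import os
import tempfile

NEEDLE = "Español"


def write_samples(dirpath):
    """Write the needle in four encodings; returns the sorted file names."""
    samples = {
        "unicode.txt": b"\xff\xfe" + NEEDLE.encode("utf-16-le"),   # Notepad "Unicode"
        "unicode_be.txt": b"\xfe\xff" + NEEDLE.encode("utf-16-be"),  # "Unicode big-endian"
        "utf8.txt": NEEDLE.encode("utf-8-sig"),                      # UTF-8 with BOM
        "ansi.txt": NEEDLE.encode("cp1252"),                         # "ANSI" (assumed cp1252)
    }
    for name, data in samples.items():
        with open(os.path.join(dirpath, name), "wb") as fh:
            fh.write(data)
    return sorted(samples)


def naive_byte_search(data, needle, codepage="cp1252"):
    """Model of a tool that treats every file as codepage bytes."""
    return needle.encode(codepage) in data


def decode_with_bom(data):
    """Pick the codec from the BOM; otherwise try UTF-8, then fall back to cp1252."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    if data.startswith(b"\xfe\xff"):
        return data[2:].decode("utf-16-be")
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8")
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("cp1252")


def search_folder(dirpath, needle=NEEDLE):
    """Return {filename: (naive_hit, decoded_hit)} for each .txt file."""
    results = {}
    for name in sorted(os.listdir(dirpath)):
        if not name.endswith(".txt"):
            continue
        with open(os.path.join(dirpath, name), "rb") as fh:
            data = fh.read()
        results[name] = (naive_byte_search(data, needle),
                         needle in decode_with_bom(data))
    return results


def demo():
    """Build the four files in a scratch directory and search them both ways."""
    with tempfile.TemporaryDirectory() as d:
        write_samples(d)
        return search_folder(d)


if __name__ == "__main__":
    for name, (naive, decoded) in demo().items():
        print(f"{name:16} byte-search={naive!s:5}  decoded-search={decoded}")
```

Only the ANSI file matches the byte search, because its bytes happen to equal the encoding the search string was converted to; once each file is decoded according to its BOM, all four match. A BOM-less UTF-16 file would still defeat the sniffer, which is the usual caveat with this approach.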

  2. Just dreaming. by Gravis+Zero · Score: 2, Interesting

    If only there was some way that programs from around the globe could review the kernel of an operating system. No wait, we could expand it to all software and make it some sort of hub for getting software. Oh well, I guess it's one of those impossible things that will never happen. ;)

    --
    Anons need not reply. Questions end with a question mark.