#Fail: 17 Year Old Bug In Windows Stops Identification Of Malware By AV Software

If this isn’t a #fail, I am not sure what qualifies. Bleeping Computer is reporting that Omri Misgav, a security researcher at enSilo, discovered a bug in every version of Windows released in the last 17 years that, if properly exploited by malware creators, will stop security software from detecting said malware:

The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space.

The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation.

What’s worse is this response from Microsoft:

“We [also] contacted MSRC [Microsoft Security Response Center] about this issue at the beginning of this year,” Misgav told Bleeping. “They did not deem it as a security issue.”

Well, that’s not cool. I’m going to go out on a limb and suggest that now that this is public, their tune may change. Though, knowing Microsoft, it may not change, because something that doesn’t allow third-party antivirus software to detect malware is a feature to them. Hopefully that’s not the case, but it wouldn’t shock me if it was.

