#Fail: 17 Year Old Bug In Windows Stops Identification Of Malware By AV Software
If this isn’t a #fail, I am not sure what qualifies. Bleeping Computer is reporting that Omri Misgav, a security researcher at enSilo, discovered a bug in every version of Windows released in the last 17 years that, if properly exploited by malware creators, will stop security software from detecting said malware:
The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space.
The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation.
What’s worse is this response from Microsoft:
“We [also] contacted MSRC [Microsoft Security Response Center] about this issue at the beginning of this year,” Misgav told Bleeping. “They did not deem it as a security issue.”
Well, that’s not cool. I’m going to go out on a limb and suggest that now that this is public, their tune may change. Though, knowing Microsoft, it may not change because something that doesn’t allow third-party antivirus software to detect malware is a feature to them. Hopefully that’s not the case, but it wouldn’t shock me if it was.
This entry was posted on September 8, 2017 at 8:38 am and is filed under Commentary with tags Microsoft.