A bug in the Microsoft Windows kernel can render security tools useless by preventing a system utility, written specifically to flag potential threats to security software, from detecting malware.
According to a write-up on the security blog Breaking Malware, the bug is a coding error that affects PsSetLoadImageNotifyRoutine, which is supposed to monitor which modules are loading.
"During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading," explains the security firm enSilo on its blog.
"The thing is, after registering a notification routine for loaded PE images with the kernel the callback may receive invalid image names.
"After digging into the matter, what started as a seemingly random issue proved to originate from a coding error in the Windows kernel itself. This flaw exists in the most recent Windows 10 release and past versions of the operating system, dating back to Windows 2000."
The bug defeats the purpose of PsSetLoadImageNotifyRoutine, which is designed to spot malware threats as they make their way through Windows. It is also rather ironic. Bleeping Computer has spoken to one of the security researchers, Omri Misgav, who said that Microsoft did not see the issue as a security problem.
"We did not test any specific security software," Misgav told Bleeping Computer. "We are aware that some vendors do use this mechanism, however at this point in time we cannot say if and how the use of the faulty [PsSetLoadImageNotifyRoutine] information affects them."
"We [also] contacted MSRC [Microsoft Security Response Center] about this issue at the beginning of this year. They did not deem it as a security issue."