Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.
The bug affects a low-level interface, known as PsSetLoadImageNotifyRoutine, that notifies when a module has been loaded into the Windows kernel. The bug can allow an attacker to forge the name of a loaded module, a method that can mislead third-party security products, and allow malicious actions without any warning.
Omri Misgav, a security researcher at enSilo, who also wrote a blog post on the bug, said that the bug appears to be a "programming error" in the kernel.
All versions of Windows are affected.
PsSetLoadImageNotifyRoutine was originally introduced in Windows 2000 to inform drivers, such as those powering security products, when a module is loaded into a process and the module's address in memory, allowing security products to track modules...
Read more: Decade-old Windows kernel bug lets hackers bypass security protections | ZDNet