A failure in the Windows kernel prevents identifying malware

Anonim

A serious error has recently been detected in the Windows kernel, one that malware creators can easily abuse. The error affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms that some security solutions use to identify when code has been loaded into the kernel.

An attacker can exploit this error by causing PsSetLoadImageNotifyRoutine to return an invalid module name, which lets the attacker disguise the malware as if it were a normal operation. The bug was spotted earlier this year, and the researchers who discovered it say it affects all versions of Windows released since Windows 2000.

Windows kernel crash

Apparently, the tests carried out show that the failure has survived all versions, so after 17 years it is still present. Microsoft introduced the PsSetLoadImageNotifyRoutine notification mechanism as a way to notify developers programmatically. Since this system could detect when an image is loaded into virtual memory, it was decided to integrate it with antivirus software to detect malicious operations.

The main problem is that security software relies on this method to detect some malicious operations, which seems to increase the risk of this failure. It is without a doubt a serious error on Microsoft's part, and one that must be solved, since all versions of Windows are affected.

At the moment there is no concrete solution to this failure, and Microsoft has offered no reaction. For users of the different versions of Windows, the recommendation is the usual one: always keep your computer updated and protected.
