Decade-old Windows kernel bug lets hackers bypass security protections



    Posted: 08 Sep 2017
    Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.

    The bug affects a low-level interface, known as PsSetLoadImageNotifyRoutine, that notifies when a module has been loaded into the Windows kernel. The bug can allow an attacker to forge the name of a loaded module, a method that can mislead third-party security products, and allow malicious actions without any warning.

    Omri Misgav, a security researcher at enSilo, who also wrote a blog post on the bug, said that the bug appears to be a "programming error" in the kernel.
    All versions of Windows are affected.

    PsSetLoadImageNotifyRoutine was originally introduced in Windows 2000 to inform drivers, such as those powering security products, when a module is loaded into a process and the module's address in memory, allowing security products to track modules...


    Read more: Decade-old Windows kernel bug lets hackers bypass security protections | ZDNet
    Posted By: Brink



  1. Posts : 714
    Win 7 Pro, SP1, x86, Win-11/Pro/64
       #1

    So Shawn, how can we fix this? I make several tweaks to the registry, including one that loads the kernel into RAM on boot up, but so far I can't remember ever doing an edit to the kernel itself. Is that even possible?



  2. Posts : 72,046
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2

    Got me. It appears that it may only be something Microsoft could do.


 
