Decade-old Windows kernel bug lets hackers bypass security protections

Brink

Brink

Administrator
Staff member
Local time
2:41 AM
Messages
74,808
Location
Oklahoma
Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.

The bug affects a low-level interface, known as PsSetLoadImageNotifyRoutine, that notifies when a module has been loaded into the Windows kernel. The bug can allow an attacker to forge the name of a loaded module, a method that can mislead third-party security products, and allow malicious actions without any warning.

Omri Misgav, a security researcher at enSilo, who also wrote a blog post on the bug, said that the bug appears to be a "programming error" in the kernel.
All versions of Windows are affected.

PsSetLoadImageNotifyRoutine was originally introduced in Windows 2000 to inform drivers, such as those powering security products, when a module is loaded into a process and the module's address in memory, allowing security products to track modules...
Click to expand...


Read more: Decade-old Windows kernel bug lets hackers bypass security protections | ZDNet
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
So Shawn, how can we fix this? I make several tweaks to the registry, including one that loads the Kernel into ram on boot up, but so far I can't remember ever doing an edit to the Kernel itself. Is that even possible?

:cool:
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Various
OS
Win 7 Pro, SP1, x86, Win-11/Pro/64
CPU
AMD
Motherboard
Various
Memory
8GB Crucial
Graphics Card(s)
Various
Sound Card
OnBoard
Monitor(s) Displays
Acer 21.5"
Hard Drives
Crucial SSD, 500 GB
PSU
OEM
Case
SFF Slim Line Case
Cooling
OEM
Keyboard
eMachines
Mouse
Logitech Wireless
Internet Speed
varies
Antivirus
Windows Defender/Super Anti-Spyware
Browser
Firefox
Got me. It appears that it may only be something Microsoft could do. :(
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
You must log in or register to reply here.

Similar threads

Internet Explorer zero-day lets hackers steal files from Windows PCs
Replies
0
Views
622
Brink
Brink
Eclypsium finds security flaws in 40 kernel drivers from 20 vendors
Replies
0
Views
1K
Brink
Brink
Skype can't fix security bug without massive code rewrite
Replies
0
Views
849
Brink
Brink
Security Advisory ADV180022 | Windows Denial of Service Vulnerability
Replies
1
Views
1K
file3456
F
KB4340556 .NET Framework Security & Quality Rollup updates - Windows 7
Replies
1
Views
4K
LevelBest
LevelBest
Back
Top