Bug in Windows kernel prevents security apps from detecting malware

A bug in the Windows kernel dating back to Windows 2000 can be exploited to prevent security applications from detecting malicious software loaded at runtime, Bleeping Computer reported.

The problem is with the PsSetLoadImageNotifyRoutine, a feature Microsoft introduced to notify developers of newly-registered drivers.

It could also detect when a PE image was loaded into virtual memory, so antivirus software developers used the routine to detect malicious operations – such as code being loaded into the kernel or user space.

enSilo has found that the routine does not work as specified, though.

Microsoft Security Response Center was reportedly contacted about the issue, but it did not feel the bug was a security issue.

“Some references indicate the bug was somewhat known, but… its root cause and full implications weren’t described in detail up until now,” said enSilo.

Details of how PsSetLoadImageNotifyRoutine is meant to work, and how the bug alters it, are available on the enSilo blog.

Now read: Windows 10 Fall Creators Update launch date announced

You have read 1 out of 5 free articles. Log in or register for unlimited access.

Bug in Windows kernel prevents security apps from detecting malware

Now read: Windows 10 Fall Creators Update launch date announced

Read now

PlayStation State of Play June 2026 – What South African gamers learned

PlayStation Plus vs Xbox Game Pass in South Africa – gaming subscription showdown

Digital vs physical video game prices – What to buy in South Africa

What South African law says about video game loot boxes

Xbox vs PlayStation reliability in South Africa – The winner is clear

Major international gaming platform adds support for South African Rand

Comments

Poll