Last month, we told you about a Windows SMB vulnerability that Microsoft decided not to patch because it was deemed a moderate issue. Dubbed SMBLoris, it was found to be a 20-year-old flaw that exists in virtually all Windows machines, from Windows 2000 to Windows 10.
Recently, security researchers from enSilo discovered another long-standing flaw that affects all Windows versions released since Windows 2000.
More importantly, the researchers warned that this programming error can be exploited to prevent security and antivirus software from detecting malware, and that it still exists even in the most recent Windows 10 releases.
The flaw lies in a coding error in the Windows kernel that affects a mechanism called “PsSetLoadImageNotifyRoutine.” This mechanism is used by some security software to check when modules have been loaded into the Windows kernel.
Researchers said that the bug can be exploited so that the “PsSetLoadImageNotifyRoutine” mechanism returns an invalid name, allowing an attacker to bypass security systems by disguising malware as legitimate software.
Basically, the bug can negate what the mechanism is supposed to do – detect malware threats as they get loaded into Windows.
Microsoft will not patch it
According to Bleeping Computer, one of the researchers, Omri Misgav, was told by Microsoft that the issue does not pose a security problem.
“We did not test any specific security software,” Misgav told Bleeping Computer. “We are aware that some vendors do use this mechanism, however at this point in time we cannot say if and how the use of the faulty [PsSetLoadImageNotifyRoutine] information affects them.
“We [also] contacted MSRC [Microsoft Security Response Center] about this issue at the beginning of this year,” he continued. “They did not deem it as a security issue.”
Sources also said that Microsoft engineers have reviewed the information and determined that this does not pose a security threat and they do not plan to address it with a security patch.
It’s not clear why Microsoft decided not to patch the flaw. Although there’s no fix for it, the company probably assessed that the PsSetLoadImageNotifyRoutine mechanism is not used widely enough for the flaw to cause havoc.
We’ll let you decide for yourself.