The issue, spotted this week by enSilo security researcher Omri Misgav, lies within the system called PsSetLoadImageNotifyRoutine.
A kernel bug that impacts Windows versions released over the past decade and a half remains unpatched, enSilo security researchers claim.
Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.
enSilo discovers how malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime.
Asked for comment, a Microsoft spokesperson offered the following statement: “Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.”
The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 10 as well.
During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading.
Researchers found a Microsoft kernel flaw in the PsSetLoadImageNotifyRoutine in all operating systems from Windows 2000 to the most recent version of Windows 10, which could allow attackers to bypass antivirus systems and load malware.
The company added enhanced capabilities around threat hunting, communicating applications, reputation scoring, and improved visibility around system events in its new System Events Viewer. The company said the latest update adds to its next-generation antivirus and EDR capabilities with new features to protect against advanced malware threats using automation.
As the number of security threats grow, so too does the number of startups with innovative security technologies to help IT operations protect against those threats. As part of CRN’s 2017 Emerging Vendors list, enSilo is one of the hot security startups founded after 2011.
2017 CISO Leadership Forum
Dallas, TX – September 26, 2017 — Argyle Forum is bringing together leading InfoSec, IT, and Risk executives for their annual CISO Summit in Dallas. Throughout a full day of content and networking, we will focus on the most pressing issues that InfoSec professionals are facing today.
2017 Technology Innovation & Security in Financial Services Forum
New York, NY – September 27, 2017 — Join Argyle as leading financial services CIOs, CISOs, and IT executives assemble to discuss the most pressing issues that IT and InfoSec executives are facing within the industry.
Boston, MA – September 28 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Strategic IT Security Meeting
London, UK – October 10 — Senior decision makers from the world’s top companies lead the discussions on current and emerging challenges in cybersecurity.
Chicago, IL – October 11-12 — ManuSec Summit 2017 will bring together a senior delegation of 120+ manufacturing leaders from across the United States to benchmark and discuss differing approaches to the cybersecurity challenges the manufacturing sector is facing.
Cyber Security Chicago
Chicago, IL – October 18-19 — Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Learn from industry experts on how you can build stronger defenses against cyber-attacks and how to recover if your systems are breached.
Dallas, TX – October 26 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Captive Eight IT Executive Forum
New York, NY – October 26 — Join other local IT Execs for an elite, high-energy evening of peer-to-peer engagement, socializing, and relevant conversations about the latest technology. In this intimate gathering, you will meet and learn from new business contacts, and discover exciting new technology trends.
InfoSecurity Connect East
Miami, FL – November 1-3 — InfoSecurity Connect is the one-stop shop for senior cybersecurity executives in financial services. It is an interactive forum providing attendees the opportunity to benchmark, share ideas, find business solutions and build lasting relationships.
2017 Chief Information Security Officer (CISO) Leadership Forum
New York, NY – November 7 — Argyle Executive Forum is bringing together leading InfoSec, IT, and Risk executives for our annual CISO Forum in New York City. Throughout a full day of content and networking, the event will focus on the most pressing issues that InfoSec professionals are facing moving into 2018.
Cyber Security Summit
Boston, MA – November 8 — Cyber Security Summit connects C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
2017 Chief Information Security Officer (CISO) Leadership Forum Los Angeles
Los Angeles, CA – November 9 — Argyle Executive Forum is bringing together leading InfoSec, IT, and Risk executives for their inaugural 2017 CISO Forum in Los Angeles. Throughout a full day of content and networking, the day will focus on the most pressing issues that InfoSec professionals face moving into 2018.
Charlotte, N.C. – November 9 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Los Angeles Cyber Security Summit
Los Angeles, California – November 29 — The annual Los Angeles Cyber Security Summit connects C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
2017 Information Technology & Security Forum
Boston, MA – December 7 — Bringing together leading IT and InfoSec executives for our 2017 Information Technology & Security Forum in Boston. Throughout a full day of content and networking, we will focus on the most pressing issues that InfoSec professionals will face going into 2018.
Ensilo: Recognized by the Best
See what they’re saying...
enSilo Wins 2017 Red Herring Award
For the second year in a row, enSilo has been recognized with the Red Herring Top 100 award. The 100 winning companies, selected from thousands of prospective startups and tech firms, represent the cutting edge of North America’s world-class technology industry–and demonstrate the region’s continued reputation for digital excellence. The award has been given out every year since 1996 by the innovation magazine and news service Red Herring.
enSilo’s CEO Roy Katmor has been honored as one of the Top Rated CEOs in San Francisco
The launch of Owler Inaugural Top Rated CEO Awards provides a true market view of the best-loved leaders across 50 cities and 25 industries worldwide. They looked at 167,000 CEOs on Owler to identify the top 1,000. As one of the awardees, enSilo’s CEO is among the top 0.60 percent of executives on Owler, putting enSilo at the pinnacle of business leadership.
enSilo Wins 2016 Ciconnect Most Innovative Company
CiCConnect event held by CICC – California Israel Chamber of Commerce selects each year the most innovative Cyber Security company. The honorable panel of 5 judges from leading VC companies and key Silicon Valley security experts unanimously voted enSilo as the CICC Most Innovative Company in 2016. The event took place at Microsoft’s Silicon Valley campus at Mountain View.
enSilo Awarded A Top 10 Security Solution Provider- 2016
Published from Fremont, California, Banking CIO Outlook is a print magazine that features CIOs, ITVPs, CTOs and other decision makers’ opinions and suggestions that helps clients to address the issues in the banking industry. A panel of experts, and professionals including board members of Banking CIO Outlook magazine finalized the list of “Top 10 Security Solution Providers 2016” and short listed the best consultants and vendors.
enSilo Named Cool Vendor In Digital Workplace Security, 2016
Each year, Gartner recognizes vendors across different fields as offering a new technology or approach to better solve existing problems; and others that offered innovative solutions to solve new problems. These vendors are not selected as Cool Vendors simply because they have interesting technology, but also because of the growth and success of their company in using technology differently to solve customer problems resulting in tremendous traction.
enSilo Featured By Forst & Sullivan As Movers And Shakers
Frost & Sullivan is proud to showcase Movers & Shakers interviews, highlighting dynamic companies and leaders in the corporate world. These organizations and individuals are recognized for achieving milestones such as launching a breakthrough technology, executing a key strategic acquisition, or implementing a revolutionary vision for the future of their industries.
enSilo Wins 2016 Red Herring Award
Every year since 1996, the innovation magazine and news service Red Herring selects the 100 most promising tech and life sciences companies, with separate contests for the United States, Europe and Asia. Red Herring editors were among the first to tip the world to the importance of companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, Palo Alto Networks and eBay.
enSilo Has Been Named A Winner Of Owler 2016 Hot In San Francisco Award
Each year, Owler recognizes the top trending companies in cities around the world. They sifted through over 15 million companies on their platform to find the most award-worthy businesses, and wound up with 4,500 winners across the 600 most popular cities on Owler. Recipients are chosen based on several different metrics, including number of followers on Owler, insights collected from their community, social media followers, and blog posts over the past year.