The issue, spotted this week by enSilo security researcher Omri Misgav, lies within the system called PsSetLoadImageNotifyRoutine.
A kernel bug that impacts Windows versions released over the past decade and a half remains unpatched, enSilo security researchers claim.
Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.
enSilo discovers how malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime.
Asked for comment, a Microsoft spokesperson offered the following statement: “Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.”
The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 10 as well.
During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading.
Researchers found a Microsoft kernel flaw in the PsSetLoadImageNotifyRoutine in all operating systems from Windows 2000 to the most recent version of Windows 10, which could allow attackers to bypass antivirus systems and load malware.
The company added enhanced capabilities around threat hunting, communicating applications, reputation scoring, and improved visibility around system events in its new System Events Viewer. The company said the latest update adds to its next-generation antivirus and EDR capabilities with new features to protect against advanced malware threats using automation.
As the number of security threats grow, so too does the number of startups with innovative security technologies to help IT operations protect against those threats. As part of CRN’s 2017 Emerging Vendors list, enSilo is one of the hot security startups founded after 2011.
Atlanta, GA – January 25 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Phoenix, AZ – February 8 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Cyber Security Summit Silicon Valley
Silicon Valley, CA – February 13 — Cyber Security Summit connects C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
HMG Strategy CIO Executive Leadership Summit
Dallas, TX – March 7— HMG Strategy Executive Leadership Summits deliver world class thought leadership where attendees receive unique insights into best practices and hear success stories involving leadership, management, technology and career development. Focus areas for the conference include Strategy, Process Improvement and Alignment Innovation and Technology Career Management and Leadership Development.
Minneapolis, MN – March 8 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
London, UK – March 8 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
Lake Buena Vista, FL – March 19-21 — For more than 20 years InfoSec World has been the “business of security” conference. To manage today’s threats, security practitioners must have the skills to be both a business partner and enabler and have the technical expertise to prevent, detect and respond to security challenges. InfoSec World welcomes a community of information security professionals from every market and field of study, hailing from more than 100 nations around the world.
Philadelphia, PA – March 28-29 — The conferences bring together the industry’s best thought leaders and solutions providers for high-quality, affordable education and networking. SecureWorld attendees leave equipped with the knowledge and tools needed to secure the digital-age enterprise.
Ensilo: Recognized by the Best
See what they’re saying...
enSilo Wins 2017 Red Herring Award
For the second year in a row, enSilo has been recognized with the Red Herring Top 100 award. The 100 winning companies, selected from thousands of prospective startups and tech firms, represent the cutting edge of North America’s world-class technology industry–and demonstrate the region’s continued reputation for digital excellence. The award has been given out every year since 1996 by the innovation magazine and news service Red Herring.
enSilo’s CEO Roy Katmor has been honored as one of the Top Rated CEOs in San Francisco
The launch of Owler Inaugural Top Rated CEO Awards provides a true market view of the best-loved leaders across 50 cities and 25 industries worldwide. They looked at 167,000 CEOs on Owler to identify the top 1,000. As one of the awardees, enSilo’s CEO is among the top 0.60 percent of executives on Owler, putting enSilo at the pinnacle of business leadership.
enSilo Wins 2016 Ciconnect Most Innovative Company
CiCConnect event held by CICC – California Israel Chamber of Commerce selects each year the most innovative Cyber Security company. The honorable panel of 5 judges from leading VC companies and key Silicon Valley security experts unanimously voted enSilo as the CICC Most Innovative Company in 2016. The event took place at Microsoft’s Silicon Valley campus at Mountain View.
enSilo Awarded A Top 10 Security Solution Provider- 2016
Published from Fremont, California, Banking CIO Outlook is a print magazine that features CIOs, ITVPs, CTOs and other decision makers’ opinions and suggestions that helps clients to address the issues in the banking industry. A panel of experts, and professionals including board members of Banking CIO Outlook magazine finalized the list of “Top 10 Security Solution Providers 2016” and short listed the best consultants and vendors.
enSilo Named Cool Vendor In Digital Workplace Security, 2016
Each year, Gartner recognizes vendors across different fields as offering a new technology or approach to better solve existing problems; and others that offered innovative solutions to solve new problems. These vendors are not selected as Cool Vendors simply because they have interesting technology, but also because of the growth and success of their company in using technology differently to solve customer problems resulting in tremendous traction.
enSilo Featured By Forst & Sullivan As Movers And Shakers
Frost & Sullivan is proud to showcase Movers & Shakers interviews, highlighting dynamic companies and leaders in the corporate world. These organizations and individuals are recognized for achieving milestones such as launching a breakthrough technology, executing a key strategic acquisition, or implementing a revolutionary vision for the future of their industries.
enSilo Wins 2016 Red Herring Award
Every year since 1996, the innovation magazine and news service Red Herring selects the 100 most promising tech and life sciences companies, with separate contests for the United States, Europe and Asia. Red Herring editors were among the first to tip the world to the importance of companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, Palo Alto Networks and eBay.
enSilo Has Been Named A Winner Of Owler 2016 Hot In San Francisco Award
Each year, Owler recognizes the top trending companies in cities around the world. They sifted through over 15 million companies on their platform to find the most award-worthy businesses, and wound up with 4,500 winners across the 600 most popular cities on Owler. Recipients are chosen based on several different metrics, including number of followers on Owler, insights collected from their community, social media followers, and blog posts over the past year.