A kernel bug that impacts Windows versions released over the past decade and a half remains unpatched, enSilo security researchers claim.
Researchers say that a bug in the Windows kernel could allow hackers to perform malicious actions by tricking security products blindly relying on a Windows API.
enSilo discovers how malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime.
Asked for comment, a Microsoft spokesperson offered the following statement: “Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.”
The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 10 as well.
During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading.
Researchers found a Microsoft kernel flaw in the PsSetLoadImageNotifyRoutine in all operating systems from Windows 2000 to the most recent version of Windows 10, which could allow attackers to bypass antivirus systems and load malware.
The company added enhanced capabilities around threat hunting, communicating applications, reputation scoring, and improved visibility around system events in its new System Events Viewer. The company said the latest update adds to its next-generation antivirus and EDR capabilities with new features to protect against advanced malware threats using automation.
As the number of security threats grow, so too does the number of startups with innovative security technologies to help IT operations protect against those threats. As part of CRN’s 2017 Emerging Vendors list, enSilo is one of the hot security startups founded after 2011.
Project Zero researcher Tavis Ormandy had privately disclosed this bug to Microsoft.
Chicago, IL- May 10 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
secureCISO San Francisco
San Francisco, CA – May 17 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
FS-ISAC Annual Summit
Boca Raton, FL- May 20-23 — FS-ISAC (Financial Services Information Sharing and Analysis Center) is the only industry forum for collaboration on critical security threats facing the global financial services sector.
Cyber Security Summit Boston
Boston, MA – June 5 — Cyber Security Summit connects C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
Toronto, Ontario- June 7 — 100 InfoSec leaders and strategists collaborate in a day of thought-leading exchange as we examine directions from within the Office of the CISO.
London, UK – June 5-7 — Infosecurity Europe (Infosec) is the region’s number one information security event featuring Europe’s largest and most comprehensive conference programme and over 400 exhibitors showcasing the most relevant information security solutions and products to over 19,500 information security professionals.
Cyber Security Summit D.C. Metro
McLean, VA – June 28 — Cyber Security Summit connects C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
Ensilo: Recognized by the Best
See what they’re saying...
Info Security Products Guide’s: Silver for Cyber Security Vendor
enSilo wins Info Security Products Guide’s Global Excellence Award: Silver for Cyber Security Vendor Achievement of the Year | 11 – 99 Employees: Best Security Company: CyberSecurity Vendor of the Year category.
Info Security Products Guide’s: Global Excellence Award
Ensilo wins Info Security Products Guide’s Global Excellence Award: Gold for the Product or Service Excellence of the Year: Endpoint Security category.
enSilo Wins 2017 Red Herring Award
For the second year in a row, enSilo has been recognized with the Red Herring Top 100 award. The 100 winning companies, selected from thousands of prospective startups and tech firms, represent the cutting edge of North America’s world-class technology industry–and demonstrate the region’s continued reputation for digital excellence. The award has been given out every year since 1996 by the innovation magazine and news service Red Herring.
enSilo’s CEO Roy Katmor has been honored as one of the Top Rated CEOs in San Francisco
The launch of Owler Inaugural Top Rated CEO Awards provides a true market view of the best-loved leaders across 50 cities and 25 industries worldwide. They looked at 167,000 CEOs on Owler to identify the top 1,000. As one of the awardees, enSilo’s CEO is among the top 0.60 percent of executives on Owler, putting enSilo at the pinnacle of business leadership.
enSilo Wins 2016 Ciconnect Most Innovative Company
CiCConnect event held by CICC – California Israel Chamber of Commerce selects each year the most innovative Cyber Security company. The honorable panel of 5 judges from leading VC companies and key Silicon Valley security experts unanimously voted enSilo as the CICC Most Innovative Company in 2016. The event took place at Microsoft’s Silicon Valley campus at Mountain View.
enSilo Awarded A Top 10 Security Solution Provider- 2016
Published from Fremont, California, Banking CIO Outlook is a print magazine that features CIOs, ITVPs, CTOs and other decision makers’ opinions and suggestions that helps clients to address the issues in the banking industry. A panel of experts, and professionals including board members of Banking CIO Outlook magazine finalized the list of “Top 10 Security Solution Providers 2016” and short listed the best consultants and vendors.
enSilo Named Cool Vendor In Digital Workplace Security, 2016
Each year, Gartner recognizes vendors across different fields as offering a new technology or approach to better solve existing problems; and others that offered innovative solutions to solve new problems. These vendors are not selected as Cool Vendors simply because they have interesting technology, but also because of the growth and success of their company in using technology differently to solve customer problems resulting in tremendous traction.
enSilo Featured By Forst & Sullivan As Movers And Shakers
Frost & Sullivan is proud to showcase Movers & Shakers interviews, highlighting dynamic companies and leaders in the corporate world. These organizations and individuals are recognized for achieving milestones such as launching a breakthrough technology, executing a key strategic acquisition, or implementing a revolutionary vision for the future of their industries.
enSilo earns CRN’s 2017 Emerging Technology Vendors
enSilo is a comprehensive endpoint security platform that combines next generation antivirus with post-infection data protection capabilities that automatically responds to and defeats the most complex infections. The platform makes incident response automatic and provides post-infection protection that prevents data theft or ransom even on compromised endpoints.
enSilo Wins 2016 Red Herring Award
Every year since 1996, the innovation magazine and news service Red Herring selects the 100 most promising tech and life sciences companies, with separate contests for the United States, Europe and Asia. Red Herring editors were among the first to tip the world to the importance of companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, Palo Alto Networks and eBay.
enSilo Has Been Named A Winner Of Owler 2016 Hot In San Francisco Award
Each year, Owler recognizes the top trending companies in cities around the world. They sifted through over 15 million companies on their platform to find the most award-worthy businesses, and wound up with 4,500 winners across the 600 most popular cities on Owler. Recipients are chosen based on several different metrics, including number of followers on Owler, insights collected from their community, social media followers, and blog posts over the past year.