A security company that discovered a design error in the Windows kernel suggests that attackers could exploit it to mislead antivirus software. For the time being, however, the problem is not being addressed.
The problem was discovered by Omri Misgav of security company enSilo. He found that PsSetLoadImageNotifyRoutine, a component in the Windows kernel, can be manipulated through an API. As a result, antivirus software can be prevented from recognizing malware. The component has been built into the operating system since Windows 2000.
The tool checks whether suspicious code is loaded into memory, Misgav explains in a blog post. He also said that he contacted Microsoft to outline the issue. But the company has told both enSilo and The Register that the problem will not be addressed. According to Microsoft, the manipulation does not constitute a serious threat to security.