information on Microsoft PsSetLoadImageNotifyRoutine Kernel Flaw

TECHNICAL ADVISORY: Trend Micro Products and Microsoft PsSetLoadImageNotifyRoutine Kernel Flaw (Sept. 2017)

- Updated:
- 9 Jul 2018
- Product/Version:
- Deep Security
- OfficeScan
- ScanMail for Exchange
- Worry-Free Business Security Advanced
- Worry-Free Business Security Standard
- Platform:
- Windows 10
- Windows 10 32-bit
- Windows 10 64-bit
- Windows 2000 Advanced Server
- Windows 2000 Professional
- Windows 2000 Server
- Windows 2003 32-Bit
- Windows 2003 64-Bit
- Windows 2003 Datacenter 64-bit
- Windows 2003 Enterprise
- Windows 2003 Enterprise 64-bit
- Windows 2003 Server R2
- Windows 2003 Small Business Server
- Windows 2003 Small Business Server R2
- Windows 2003 Standard
- Windows 2003 Standard 64-bit
- Windows 2008 32-Bit
- Windows 2008 64-Bit
- Windows 2008 Datacenter
- Windows 2008 Datacenter 64-bit
- Windows 2008 Enterprise
- Windows 2008 Enterprise 64-bit
- Windows 2008 Essential Business Server
- Windows 2008 Server Core
- Windows 2008 Server Foundation
- Windows 2008 Server R2
- Windows 2008 Server R2 Datacenter
- Windows 2008 Server R2 Enterprise
- Windows 2008 Server R2 with Hyper-V(TM)
- Windows 2008 Small Business Server
- Windows 2008 Standard
- Windows 2008 Standard 64-bit
- Windows 2008 Web Server Edition
- Windows 2008 Web Server Edition 64-bit
- Windows 2011 Small Business Server Essentials
- Windows 2011 Small Business Server Standard
- Windows 2012
- Windows 2012 Datacenter
- Windows 2012 Datacenter R2
- Windows 2012 Enterprise
- Windows 2012 Enterprise R2
- Windows 2012 Server Essential R2
- Windows 2012 Server Essentials
- Windows 2012 Server Foundation R2
- Windows 2012 Server R2
- Windows 2012 Standard
- Windows 2012 Standard R2
- Windows 2012 Web Server Edition
- Windows 2016
- Windows 2016 Server Core
- Windows 2016 Server Datacenter
- Windows 2016 Server Standard
- Windows 7 32-Bit
- Windows 7 64-Bit
- Windows 8 32-Bit
- Windows 8 64-Bit
- Windows 8.1 32-Bit
- Windows 8.1 64-Bit
- Windows Mobile 5 Pocket PC
- Windows Vista 32-bit
- Windows Vista 64-bit
- Windows XP Home
- Windows XP Professional
- Windows XP Professional 64-bit
- Windows XP SP2 32-bit
- Windows XP SP3 32-bit
- Windows XP Tablet PC

Background Information

According to published research from security firm enSilo, a Microsoft Kernel flaw was discovered in the PsSetLoadImageNotifyRoutine in all Windows operating systems versions from Windows 2000 through the current Windows 10.

The impact of this flaw is said to potentially allow certain types of malware to evade antivirus and other host-based intrusion detection.

Impact on Trend Micro Products(s)

Fortunately, Trend Micro's detection mechanisms do not rely on PsSetLoadImageNotifyRoutine to identify malicious code. Based on Trend Micro's analysis, this flaw has no adverse impact on our Windows-based security products.

Please note that several articles have posted that Microsoft has issued the following response to the initial report of this flaw: “Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.”

Trend Micro will continue to monitor this issue and will make updates if needed to this article.

External Reference(s)

Dark Reading Blog: New Microsoft Kernel Bug Could Permit Malicious Modules

Need More Help?

TECHNICAL ADVISORY: Trend Micro Products and Microsoft PsSetLoadImageNotifyRoutine Kernel Flaw (Sept. 2017)