Critical Vulnerability Affects Windows Security Apps

Researchers at security tesing firm Matousec.com have discovered a "very serious" vulnerability in Windows' security software.

The vulnerability could allow hackers to execute a harmful code capable of dodging even the most recently updated security software.

A security paper published by the website states that hackers can successfully exploit the kernel driver hooks that are used by some recent security software to re-route Windows system calls via their software to check code before it's executed.

The security website explained that in what is known as an 'argument-switch attack', hackers can switch legitimate code for malicious code between the time the system gives it the all-clear and the code is run.

Alfred Huger, vice president of engineering at antivirus software maker Immunet, told Computer World: “This is definitely very serious. Probably any security product running on Windows XP can be exploited this way.”

Huger also confirmed that the hole in the Windows security software does not affect security software offered by Immunet because their desktop software uses a different method to hook kernels.