
By changing the value that is returned by PsSetLoadImageNotifyRoutine, attackers can hide malware from security software that relies on this operation. The security researchers contacted Microsoft but were told that the software giant does not consider this a security issue. Presumably, the company never intended this feature to be used this way.
Microsoft introduced the PsSetLoadImageNotifyRoutine notification mechanism as a way to programmatically notify app developers of newly registered drivers. Because the system could also detect when a PE image was loaded into virtual memory, the mechanism was also integrated with antivirus software as a way to detect some types of malicious operations.
Source: Bleeping Computer
...
“We did not test any specific security software,” Misgav told Bleeping Computer via email. “We are aware that some vendors do use this mechanism, however at this point in time we cannot say if and how the use of the faulty [PsSetLoadImageNotifyRoutine] information affects them.”