A new PatchGuard bypass is the height of irony. Microsoft designed PatchGuard (also called Kernel Patch Protection, or KPP) to prevent users (and attackers) from patching the 64-bit Windows kernel: it periodically checks critical kernel code and data structures and crashes the system with a bug check if they have been modified. Among other things, this should make it much harder to create kernel-level rootkits. However, researchers have found that Intel Processor Trace (Intel PT) can be abused to hook kernel code in a way PatchGuard does not detect, a technique attackers can leverage for rootkits. One caveat: the hooking technique requires the attacker to already be running code in the kernel, so it is a stealth and persistence trick for an attacker who is already in, not a way to get kernel access in the first place. Watch today's video for more info.
Episode Runtime: 3:21
Direct YouTube Link: https://www.youtube.com/watch?v=DaKJYsWKLeg
EPISODE REFERENCES:
- GhostHook research blog post (CyberArk, the researchers' own write-up)
- Good article on GhostHook (Bleeping Computer)
- PatchGuard flaw allows kernel rootkits (The Register)
— Corey Nachreiner, CISSP (@SecAdept)