- This GhostHook Attack Bypasses Windows 10 PatchGuard Protections
Vulnerabilities have been discovered in Microsoft’s PatchGuard kernel protection that could allow an attacker to plant rootkits on computers running the company’s latest, secure operating system, Windows 10. Kernel Patch Protection (KPP), informally known as PatchGuard, is a feature of 64-bit (x64) editions of Microsoft Windows that prevents patching the kernel. According to the latest report, researchers at CyberArk Labs have developed a new attack technique that could allow hackers to completely bypass PatchGuard and hook malicious kernel code (rootkits) at the kernel level. The CyberArk Labs researchers call the attack, GhostHook, the first attack technique that thwarts the defensive technology to bypass PatchGuard, though it requires a hacker to already be present on a compromised system and running code in the kernel. According to Hacker News, the GhostHook attack bypasses PatchGuard by leveraging a weakness in Microsoft’s implementation of a relatively new feature in Intel processors called Intel PT.
Cyber Security Tips: Microsoft does not release any emergency patches for it; Windows 10 users are advised to keep improving their cyber security and keep monitoring their systems.