Data Security News Headlines 24th June 2017

  1. This GhostHook Attack Bypasses Windows 10 PatchGuard Protections

Vulnerabilities discovered in Microsoft PatchGuard kernel protection which could allow an attacker to plant rootkits on computers running the company’s latest and secure operating system, Windows 10. Kernel Patch Protection (KPP), informally known as PatchGuard, is a feature of 64-bit (x64) editions of Microsoft Windows that prevents patching the kernel. According to the latest report, Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely bypass PatchGuard, and hook a malicious kernel code (rootkits) at the kernel level. GhostHook, the attack is what the CyberArk Labs researchers call the first attack technique that thwarts the defensive technology to bypass PatchGuard, though it requires a hacker to already be present on a compromised system and running code in the kernel. GhostHook attack bypasses PatchGuard by leveraging a weakness in Microsoft’s implementation of a relatively new feature in Intel processors called Intel PT according to Hacker News.

Cyber Security Tips: Microsoft does not release any emergency patches for it, Windows 10 users are recommended that keep improving their cyber security, keep monitoring your system.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: