The Latest in IT Security

BoundHook Hooking Is Invisible to Windows 10’s PatchGuard

19
Oct
2017

laptop-coding-1030x567

A newly discovered hooking technique can go completely undetected by the current implementation of PatchGuard, CyberArk security researchers warn.

Called BoundHook, the method relies on causing an exception in a very specific location in a user-mode context, as well as on catching that exception to gain control over the thread execution. It can bypass PatchGuard, or Kernel Patch Protection, which was designed by Microsoft to prevent malicious code from running at kernel level on 64-bit versions of Windows.

Related posts:
  1. GhostHook Attack Bypasses Windows 10 PatchGuard
  2. Microsoft November Patch Updates “All” Windows Versions, Even Windows 8
  3. Microsoft Patch Tuesday – October 2011
  4. Microsoft will issue one last Windows XP patch
  5. Microsoft ends Windows XP support, hackers may be lurking

Read More

Tags:  
Written by Feedproxy
0 Comments

Leave a reply


Categories

TUESDAY, APRIL 23, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments