Japanese researcher finds way to use Microsoft security feature to install malware 

PatchGuard, which is supposed to protect the operating system kernel, could be exploited to install malware. Look surprised: it's the third bug found in the feature.


Japanese researcher Kento Oki discovered a bug in PatchGuard that an attacker can exploit to load unsigned malicious code into the Windows operating system kernel.

PatchGuard, also known as Kernel Patch Protection, is a software protection tool designed to prevent the kernel of 64-bit versions of Windows from being patched, in order to block kernel-level rootkit infections or the execution of malicious code.

The software was introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1. 

"In an email last week, Kento told The Record he did not report the bug to Microsoft because the company previously ignored three other PatchGuard bypasses discovered in the past years and knew the company wouldn’t be rushing to fix it," reported The Record.

Kento's blog can be found here
