GhostHook Attack Targets Windows 10 Vulnerability
Infosecurity Magazine | June 26, 2017
Last week, CyberArk Labs demonstrated an attack that can enable the installation of rootkit malware under Windows 10 64-bit. The proof-of-concept attack overrides the operating system's PatchGuard feature. Microsoft's PatchGuard was designed to prevent malicious code from patching the kernel of 64-bit Windows operating systems. The feature's official name is Kernel Patch Protection, and it was introduced with 64-bit Windows XP in 2005. One type of attack that PatchGuard was designed to mitigate is malware that poses as Windows security updates.