New Vulnerabilities have found in Microsoft PatchGuard kernel protection which allow hackers to place rootkits on secure operating system Windows 10.
 |
Researchers at CyberArk labs have developed a new attack technique named 'GhostHook' which allows hackers to completely bypass PatchGuard, and plant rootkits(malicious kernel code) at the kernel level.
PatchGuard is a software tool that has been designed to block the kernel of 64-bit Windows OS from being patched,preventing hackers from running rootkits at kernel level.
To compromise a target system first an attacker would do a hacking exploit or malware then deploy GhostHook to set up a permanent and secret presence on a compromised 64-bit Windows 10 Machine.
Once the machine is compromised, attacker can plant a malicious kernel code (rootkit) in the kernel of compromised system, which is completely undetectable to antivirus and other third party security products and also hidden from Microsoft's PatchGuard itself.
Microsoft did not consider GhostHook as a serious threat and told the security firm that the company does not think any emergency any patch is needed but may address in a future version of Windows.
Microsoft did not think GhostHook as a serious threat issue and told the security firm that the company does not think that any emergency patch is needed right now but may address in a future version of Windows.
Microsoft did not consider GhostHook as a serious threat and told the security firm that the company does not think any emergency any patch is needed but may address in a future version of Windows.
Comments
Post a Comment