I need to know when a Patchguard bypass comes out such as ByePg and GhostHook etc.. for Windows 10 and Microsoft releases a fix/patch for it yes ? Then does Microsoft also patch the same vulnerability for previous versions of Windows such as 8.1 and 7 even though the bypass targets only Windows 10 and not Windows 7/8.1 ? Thanks
I'm not sure. I recently ready about UAC bypasses and they only seems to fix the latest OS. For example 7 and 8.1 were not patched but 10 was. And with a more recent one, only newer versions of 10 were patched, not even older ones like 1503 etc. I hope with Patchguard that they fix the vulnerabilities on all Windows versions that are still supported, and not only recent versions like with UAC bypass.
Wishful thinking, just like task scheduler's bypasses of UAC, since UAC is not a security boundary = nothing to patch. https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/ https://www.cyberark.com/resources/...patchguard-with-processor-trace-based-hooking
@BoerenkoolMetWorst thank you for the response. This is what I had thought too. @TairikuOkami thank you for the response. So what you're saying is that since the bypass is not a security boundary Microsoft does not typically release a patch for it ?
This silly PoC does not even execute when using properly configured Mcafee Endpoint. DLL side loading is not permitted.
Thanks, interesting stuff. So this stuff could even bypass UAC in high level. I have always said that UAC is a freaking joke anyway. And I personally wouldn't worry too much about PatchGuard bypasses, most malware don't need full kernel access to do any damage.
