Patchguard Bypasses and Patches

Discussion in 'other security issues & news' started by victor43, Nov 30, 2021.

  1. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    43
    I need to know: when a Patchguard bypass such as ByePg, GhostHook, etc. comes out for Windows 10, Microsoft releases a fix/patch for it, yes? Then does Microsoft also patch the same vulnerability for previous versions of Windows such as 8.1 and 7, even though the bypass targets only Windows 10 and not Windows 7/8.1?

    Thanks
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,658
    Location:
    Outer space
    I'm not sure. I recently read about UAC bypasses and they only seem to fix the latest OS. For example, 7 and 8.1 were not patched but 10 was. And with a more recent one, only newer versions of 10 were patched, not even older ones like 1503 etc. I hope with Patchguard that they fix the vulnerabilities on all Windows versions that are still supported, and not only recent versions like with UAC bypass.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,187
    Location:
    Slovakia
    Wishful thinking, just like task scheduler's bypasses of UAC, since UAC is not a security boundary = nothing to patch. https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
    https://www.cyberark.com/resources/...patchguard-with-processor-trace-based-hooking
     
  4. victor43

    victor43 Registered Member

    Joined:
    Nov 4, 2009
    Posts:
    43
    @BoerenkoolMetWorst thank you for the response. This is what I had thought too.
    @TairikuOkami thank you for the response. So what you're saying is that since the bypass is not a security boundary, Microsoft does not typically release a patch for it?
     
  5. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    149
    Location:
    Finland
    This silly PoC does not even execute when using properly configured McAfee Endpoint. DLL side loading is not permitted.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Thanks, interesting stuff. So this stuff could even bypass UAC in high level. I have always said that UAC is a freaking joke anyway. And I personally wouldn't worry too much about PatchGuard bypasses; most malware doesn't need full kernel access to do any damage.
     