GhostHook: CyberArk finds new way to attack Windows 10
by Sam Varghese | June 22, 2017
ITWire: CyberArk finds new way to attack Windows 10
Researchers at CyberArk Labs have discovered a new way of gaining access to the innards of Windows 10 64-bit systems that can bypass existing safeguards, including the kernel patch protection known as PatchGuard that Microsoft developed to improve system security.
Yaacov Ben Naim , the company’s senior director of Cyber Research, told iTWire that Microsoft had been told about the new attack method, which CyberArk calls GhostHook.However, given that one already needs to have gained admin access to a system in order to use GhostHook, Ben Naim said Microsoft had said that nothing would be done now, and that the flaw that permitted the intrusion would be fixed in the next version of Windows.
When asked whether Microsoft’s response was similar to the analogy of someone not wanting to catch an intruder who was planning to set fire to a house just because another person had already gained entry, Ben Naim agreed it was quite similar.
According to him, using GhostHook would allow an attacker to take over systems at the kernel level and remain undetected.
Read the full article on ITWire.com: | June 22, 2017
Edit to remove HTML and add credits
