VULHUB ™

A vulnerability is reported to affect Process Guard that could permit an executable that is run by an administrator to disable Process Guard protection. It is reported that it is possible to restore the Service Description Table (SDT) to its original state. This can be accomplished because direct writes to certain devices are not controlled by the Process Guard driver-blocking feature. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space.

A vulnerability is reported to affect Process Guard that could permit an executable that is run by an administrator to disable Process Guard protection. It is reported that it is possible to restore the Service Description Table (SDT) to its original state. This can be accomplished because direct writes to certain devices are not controlled by the Process Guard driver-blocking feature. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space.