Microsoft Patches PatchGuard Hack
Microsoft is definitely not happy that a security software vendor has bypassed PatchGuard, the kernel protection software in Windows Vista. The company said it would not be wise to continue, because Microsoft will close any flaws that are discovered, making any software that depends on them obsolete. That, says Microsoft, could leave users of such software unprotected and dealing with more problems because of the attempted access. Sounds like they are trying to draw a line in the sand.
“Microsoft is aware of public reports of ways to subvert the kernel in Windows Vista and has addressed them in current builds; however, we have not received any other reports of ways to subvert the kernel in existing builds of Vista,” said Adrien Robinson, director of Microsoft’s Security Technology Unit.
“If a vulnerability is discovered in Kernel Patch Protection, Microsoft will issue a security update as part of the standard Microsoft Security Response Center process.” Source: eWeek
Security vendors have been beating up this topic for a long time now. Microsoft recently agreed to provide APIs that they could use to access the kernel, but the security vendors are worried about the timeliness of receiving the APIs. Authentium’s workaround was to take advantage of a part of the kernel that allowed the OS to support older hardware. This is NOT the last we’ll hear about this subject.