Uninformed: Informative Information for the Uninformed

Vol 8» 2007.Sep

Bypass Mechanisms and Countermeasures

Like PatchGuard 2, it would be folly to state that PatchGuard 3 is invulnerable to assault by third party driver code intent on performing operations blocked by PatchGuard. There are many possible attacks for the new defenses in PatchGuard 3 (as well as several possible countermeasures that Microsoft could take in order to break the proposed bypass mechanisms in a future PatchGuard iteration). This article will describe specific attacks that are capable of defeating PatchGuard 3.