BoundHook exploits a feature in all Intel chips -To cause an exception in a specific memory location in a user-mode context. Next, it is able to catch the exception and gain control over the thread execution used by a specific application. For example, the technique could allow for the interception of a keyboard event message passed between Windows and a specific service, allowing an attacker to capture or manipulate a victim’s keystrokes
GhostHook - Attack method bypassed Microsoft’s attempts to prevent kernel level attacks (via PatchGuard) and used the hooking approach to take control of a device at the kernel level.
Strange but True:
Microsoft and Intel don’t see either as a vulnerability on their end. Both told CyberArk it will not patch the issue because the attack requires that the adversary already has already fully compromised the targeted system
More Here:
https://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/128517/
No comments:
Post a Comment