Hi all,
So finally, 2 French researchers (congratulations to my compatriots) seem to have demonstrated that a kernel mode rootkit is possible… even on W7 x64, even with PatchGuard 3, even with an unsigned driver!
For now the attacker must have physical access to the computer, but do you think this demonstration is a first step toward one day seeing a kernel mode rootkit on W7 x64? Maybe there are some ideas here for malware writers to bypass x64 protections…
I’m not worried for now, but it may be only the first step…
BYE