How effective is Windows KDP for exploit mitigation in practice?

Windows Kernel Data Protection (KDP) is a kernel security feature that appears to use Extended Page Tables (EPT, a hardware virtualization feature) to enforce read-only pages. How effective is this at protecting against kernel exploits in the real world? Is this an effective mitigation, or security theater that only causes attackers to think a little more about which data structure they want to overwrite?
http://dlvr.it/Rzmzmg
