Microsoft patches Kernel Patch Protection for 64-bit Windows
Apart from the security updates released last Tuesday, Microsoft has also released a patch to improve Kernel Patch Protection stability for 64-bit Windows XP, Server 2003 and Vista. The new technology, which is sometimes also called PatchGuard, is designed to protect operating system kernels from malicious code and prevent for example trojans or rootkits from becoming deeply embedded in the system. One of the features allows only digitally signed drivers with valid certificates to be loaded into the kernel.
According to Microsoft, the update was not released to close any PatchGuard vulnerabilities. Instead, it is only intended to increase stability, performance and reliability. The patch is, for example, said to add additional checks to Kernel Patch Protection. There is allegedly no connection to the recently published ATI graphics driver holes which allow unsigned drivers to be loaded into the kernel space. While ATI has released an update, drivers from other vendors are said to display similar vulnerabilities. The cause is said to be the installer used.
- Update to Improve Kernel Patch Protection, Microsoft advisory