Controversy has emerged over PatchGuard, the kernel protection service scheduled to be included in the 64-bit version of Windows Vista. Microsoft’s PatchGuard technology, scheduled for inclusion in the 64-bit version of Windows Vista, has caused a furor from certain antivirus vendors, who charged that Microsoft was gaining an “unfair advantage” by not allowing them unfettered access to the kernel. Now, security firm Authentium is claiming that they have cracked PatchGuard, and will use the technique to disable the protection, install the kernel patches that come with their own software, and then restore PatchGuard once the installation is complete. Authentium’s claims have not yet been independently confirmed at this time.
Authentium’s unconfirmed hack is not the only known exploit of PatchGuard. A public description of how to bypass PatchGuard has been known about for some time. Microsoft has not commented on the exploit, but one assumes that the company is working on a patch. Microsoft could easily push critical updates to close this hole, or the Authentium hole, at any time.
For all the fuss going on over PatchGuard, it would be understandable to assume that this is a completely new technology that Microsoft is introducing with Windows Vista. In fact, PatchGuard has been around since the 64-bit versions of Windows Server 2003 and Windows XP Professional were released. It works by utilizing special hardware features in 64-bit x86 processors to monitor and prevent device drivers or other kernel-mode software from modifying the Windows kernel itself.