After GhostHook and InfinityHook, we now have ByePg. No patch out yet.
A security researcher published proof-of-concept code last month for an exploit that can bypass the Microsoft Kernel Patch Protection (KPP) security feature, more commonly known as PatchGuard.
Named ByePg, this is the second Patchguard bypass discovered and publicly disclosed in the past six months, after InfinityHook, which was disclosed in July this year.
What is Microsoft PatchGuard
Microsoft PatchGuard is a security feature that was introduced in 2005 in Windows XP. It is only available for 64-bit versions of Microsoft Windows, and its role is to prevent apps from patching the kernel.
... ...