Table Restoration
Summary
DiamondCS Process Guard is "an advanced Win32 security system that protects both system and security processes (as well as user-defined processes) from attacks by other processes, services, drivers, and other forms of executing code on your system. The first program of its kind, Process Guard can protect a process against termination, suspension and prevents loading of malicious kernel drivers".
Process Guard protects a running process by hooking several native APIs in kernel-space. However, an implementation flaw allows a malicious program to disable Process Guard's protection by restoring the running kernel's SDT ServiceTable with direct writes to \device\physicalmemory.
Details
Vulnerable Systems:
* Process Guard Free version 2.000
Vendor response:
Vulnerability will be fixed in the next release.
Workarounds:
Do not run untrusted programs as Administrator.
Proof of concept:
http://www.security.org.sg/vuln/procguard.html
Disclosure timeline:
23 Jun 04 - Vulnerability Discovered
24 Jun 04 - Initial Vendor Notification
25 Jun 04 - Initial Vendor Response
07 Jul 04 - Public Release
More details - http://www.securiteam.com/windowsntfocus/5YP0120DFO.html
Help, my PC with Windows 10 won't shut down properly
Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?