The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspect new attacks on kernel data, as these are used by hackers. The purpose of this paper is to continue research into attacks on dynamically allocated data in the Windows OS kernel and demonstrate the capacity of MemoryRanger to prevent these attacks. This paper discusses three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks result in illegal access to files open in exclusive access. The third attack escalates process privileges, without applying token swapping. Although Windows security experts have issued new protection features, access attempts to the dynamically allocated data in the kernel are not fully controlled. MemoryRanger hypervisor is designed to fill this security gap. The updated MemoryRanger prevents these new attacks as well as supporting the Windows 10 1903 x64.

翻译：计算机系统的安全取决于OS内核保护。 披露和检查对内核数据的新攻击至关重要, 因为黑客使用这些数据。 本文的目的是继续研究对视窗OS内核中动态分配数据的攻击, 并展示记忆保护者防止这些攻击的能力。 本文讨论了对内核数据的三次新的劫持攻击, 其依据是绕过OS安全机制。 前两次劫持攻击导致非法访问开放的专用文件。 第三次攻击使进程权限升级, 没有应用象征性交换。 虽然 Windows安全专家发布了新的保护功能, 试图访问动态分配在内核中的数据没有完全控制。 MemorRanger 超视仪旨在填补这一安全漏洞。 经更新的MuneRanger防止这些新的攻击, 并支持 Windows 10 1903 x64 。