CrowdStrike backs Microsoft’s demand for reducing kernel-level access
- by nlqip
“Certain events must be tapped into at the kernel level and responded to accordingly, but the whole signature matching process doesn’t need to happen there,” Florian Roth, head of research at Nextron Systems, wrote in an X post. “It could reside in another component, limiting the kernel module to essential tasks only.”
“Ideally, such privileged access should be governed stringently, ensuring adequately tested, digitally signed software with limited privileges is used,” said Sunil Varkey, advisor at Beagle Security. “Collectively, a new approach to balance between risk and effectiveness is needed.”
Kernel access represents a significant point of vulnerability because it enables deep system-level interactions, which, if exploited, can result in extensive disruptions and breaches. By restricting kernel access, Microsoft aims to minimize the potential for such vulnerabilities.