David Kaplan

@itm4n This is excellent work. Great research.
That typelib issue is a difficult one to mitigate. :)
In the upcoming Win11 we have a very tactical mitigation to make abuse of LdrpKnownDllDirectoryHandle more difficult. May consider backporting it.
Naturally, a fully controlled write in a target PPL could make direct arb codeexec possible, but at least a limited write targeting the dll directory handle should be mitigated.