Virtualization-based security (VBS) technologies continue to increase the world’s dependency on the security of virtualization stacks. But like all software stacks, virtualization stacks are prone to vulnerabilities too.
In this talk, we will explain how we found and fixed two vulnerabilities in SecureKernel in Windows 10, which is a critical component of the core of the TCB (Trusted Computing Base) for Microsoft’s VBS model. The vulnerabilities could allow an attacker to gain arbitrary code execution in VTL1, compromising the entire VBS model. We will also walk through our process to exploit both vulnerabilities on the latest version of Windows (at the time of writing).
By Saar Amar & Daniel King
Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#breaking-vsm-by-attacking-securekernel-20382