Microsoft denies that BoundHook vulnerability is actually a vulnerability

Security researchers at CyberArk are reporting about a new technique that could be used to take control of Windows 10 devices. Known as BoundHook, the technique takes advantage of the BOUND hooking technique in Intel MPX (Memory Protection Extensions). But while CyberArk says that it will "bring new capabilities to both software security vendors and malware writers," Microsoft is downplaying the issue, suggesting there is nothing to worry about. CyberArk acknowledges that the "technique can be used in a post-exploitation scenario in which the attacker has control over the asset." That said, it's not something that should necessarily be ignored.… [Continue Reading]