CIS 170F: Windows 7 Administration

Week 10

Application Support
Application Compatibility
Kernel Patching

  • Kernel patching is the practice of an application or driver modifying core operating system code or data structures (for example the system service table or kernel function entry points) to gain low-level control over Windows and its resources. It is a security risk because untrusted code, such as a rootkit, can use the same technique to insert itself into the operating system, and it causes instability when done incorrectly; Microsoft has long reported third-party kernel-mode code as the leading cause of system crashes in earlier Windows versions. On 64-bit Windows 7 the mechanism that blocks kernel patching is Kernel Patch Protection, commonly called PatchGuard, which periodically checks protected kernel structures and halts the system with a bug check if they have been modified. It is separate from Windows Resource Protection (WRP), which protects the operating system's files, folders and registry keys rather than the running kernel.
  • Windows 7 limits both who can load code into the kernel and who can change the operating system's own files. On 64-bit editions, kernel-mode drivers must carry a digital signature that chains to a certificate Microsoft trusts, or the kernel refuses to load them; 32-bit editions warn but still load unsigned drivers. WRP assigns ownership of protected files and registry keys to the built-in TrustedInstaller security principal (NT SERVICE\TrustedInstaller), and only that principal has full control; members of Administrators get only read (and, for files, execute) access. These restrictions do not affect most commonly used applications, such as office suites, but they can affect security products such as third-party firewalls and anti-malware, and some hardware drivers, because those hook into the kernel. An attempt by an application to modify a WRP-protected registry key or file is refused with an access-denied error. A different mechanism, UAC file and registry virtualization, handles legacy 32-bit applications that write to Program Files or HKLM\Software: the write is silently redirected to a per-user VirtualStore location and the application is told it succeeded. The application can read back its own redirected copy, but other users, services and applications do not see the change, so a program that expected the write to be machine-wide may fail later because the data it wrote earlier appears to be absent.
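The following PowerShell session is an added example, not part of the course slides, showing how an administrator can observe the controls discussed above on a Windows 7 host: the TrustedInstaller ownership that WRP places on a system file and registry key, the access-denied result of writing to a protected file, the signature status of loaded kernel-mode drivers, and the VirtualStore locations where UAC virtualization redirects legacy writes. The file, key and registry paths are the stock Windows locations; the script assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example (not from the course slides): inspect WRP, driver signing and
# UAC virtualization on a Windows 7 host. Run from an elevated PowerShell prompt.

$protectedFile = Join-Path $env:SystemRoot 'System32\kernel32.dll'
$protectedKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# 1. WRP ownership: the owner is NT SERVICE\TrustedInstaller and Administrators
#    hold read/execute only, which is why even an admin cannot overwrite the file.
Get-Acl $protectedFile | Select-Object Owner, @{ n = 'AdminRights'; e = {
    ($_.Access | Where-Object { $_.IdentityReference -like '*Administrators*' }).FileSystemRights } }
Get-Acl $protectedKey | Select-Object Owner

# 2. A write to a WRP-protected file is refused outright (access denied), not
#    silently redirected the way UAC virtualization redirects legacy writes.
try {
    [IO.File]::OpenWrite($protectedFile).Close()
    'Unexpected: write to protected file succeeded'
} catch {
    "Write refused as WRP intends: $($_.Exception.Message)"
}
# The built-in checker confirms the file still matches its protected copy.
sfc /verifyfile=$protectedFile

# 3. Loaded kernel-mode drivers whose Authenticode signature is not valid.
#    x64 Windows 7 refuses to load such drivers; x86 loads them after a warning,
#    so on 32-bit hosts this list is worth reviewing.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # Service paths appear as \??\C:\... or \SystemRoot\...; normalise them.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        $sig  = Get-AuthenticodeSignature -FilePath $path
        New-Object PSObject -Property @{ Driver = $_.Name; Path = $path; Signature = $sig.Status }
    } |
    Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Driver, Signature, Path -AutoSize

# 4. UAC virtualization: writes by legacy applications to Program Files or
#    HKLM\Software land here, per user, while the application is told they
#    succeeded. Anything listed is data that other users and services never see.
Get-ChildItem "$env:LOCALAPPDATA\VirtualStore" -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
Get-ChildItem 'HKCU:\Software\Classes\VirtualStore' -Recurse -ErrorAction SilentlyContinue |
    Select-Object Name
```

Step 2 is the check that separates the two behaviours described above: a refused write raises an exception here, whereas a virtualized write would appear to succeed and show up under step 4. Signature status other than Valid in step 3 on a 64-bit system usually means a test-signing or catalog-signed driver rather than an unsigned one, so confirm with the driver's catalog before drawing conclusions.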