New Tool Bypasses Windows 11 PatchGuard, Opening a New Debate on Security
A security researcher named Wayne has unveiled a new tool for Windows 11 that circumvents the PatchGuard protection mechanism in the system’s latest release (24H2). The project, called Kurasagi, has already been published on GitHub.
PatchGuard, also known as Kernel Patch Protection, was introduced by Microsoft to prevent modifications to the operating system’s kernel, thereby complicating the work of malicious software. Yet this same safeguard often hinders legitimate researchers seeking to study Windows’ internal processes. The new project demonstrates that even the most recent iterations of this protection can be bypassed with sufficient effort.
The arrival of Kurasagi is likely to spark vigorous debate within the community: on one hand, it represents a valuable tool for security professionals; on the other, it introduces a potential risk, as such techniques could equally be exploited by malicious actors.
