Flaws in Microsoft PatchGuard create a means for hackers to plant rootkits on Windows 10, 64-bit OS devices. The newly discovered attack technique, dubbed GhostHook, allows attackers to completely bypass PatchGuard, security researchers at CyberArk Labs warn. PatchGuard (formally known as Kernel Patch Protection) was developed to prevent Windows users patching the kernel, and by extension make the OS more secure by preventing hackers from running rootkits at the kernel level. CyberArk Labs reckons GhostHook is the first technique that thwarts the defensive technology to bypass PatchGuard and hook a rootkit at the kernel level.