With each new version of Windows OS, Microsoft enhances its security by adding mitigation mechanisms. Kernel-land vulnerabilities are getting more and more valuable these days. For example, the easiest way to escape from a sandbox (i.e. Google Chrome Sandbox) is by using a kernel vulnerability. That's why Microsoft struggles to enhance the security of the Windows Kernel.
Kernel Pool allocator plays significant role in security of whole kernel. Since Windows 7, Microsoft started to enhance the security of the Windows kernel pool allocator. Tarjei Mandt (@kernelpool) has done a great job in analysing the internals of the Windows Kernel pool allocator and has found some great attack techniques, mitigations and whatnot.
However, in Windows 8, Microsoft has eliminated almost all reliable techniques of exploiting kernel pool corruptions. Unfortunately, Tarjei's attack technique requires a lot of pre-requisites to be successful. Nonetheless, there are a lot of types of pool corruptions where his techniques will not work anymore.
Subsequently in Windows 8.1, Microsoft has eliminated a technique I have discovered and presented at HITB 2013, which is also known as 0xBAD0B0B0. Since then there is no easy way that exists -- publicly -- currently to exploit Pool Overflows on this version of Windows. However, I have discovered yet another technique that leverage a combination of tricks to convert Pool Overflows.
Recovering back from my continuous attacks against the Windows Kernel. Windows 10 comes out with a lot of new protections and security mitigations that makes it much harder to exploit those Kernel-land vulnerabilities. In an ever-lasting cat and mouth game, I come back with a brand new novel exploitation technique that works seamlessly on Windows 7, Windows 8, Windows 8.1 and Windows 10 as well. Check mate, Microsoft? Sorry, not this time!