During Matousek's security analyses of personal firewalls and other security-related software that uses SSDT hooking, Matousek found that many vendors simply do not implement the hooks properly. This allows unprivileged users to cause a local Denial of Service, or even allows privilege escalation exploits to be created. 100% of tested personal firewalls that implement SSDT hooks do or did suffer from this vulnerability! This article reviews the results of this testing and describes how a proper SSDT hook handler should be implemented. Matousek also introduced BSODhook, a handy tool for every developer who deals with SSDT hooks and a possible cure for the plague in today's Windows drivers world.
