Microsoft says an attacker needs kernel-level access before they can use the ‘GhostHook’ technique to install a rootkit.
Article Link: https://www.darkreading.com/vulnerabilities---threats/ghosthook-foils-windows-10-64-bits-kernel-protection/d/d-id/1329205?_mc=RSS_DR_EDT