ATI driver flaw exposes Vista kernel

W1zzard · Aug 11, 2007, 01:00 PM

An unpatched flaw in drivers from ATI creates a means to smuggle malware past improved security defences in the latest version of Windows and into the Vista kernel.

Microsoft is working with ATI on an update which security watchers warn might be far from straightforward to roll-out.

Quote:

The existence of the security flaw in ATI's driver came to light after developer Alex Ionescu released a proof-of-concept tool called Purple Pill that created an easy way to load and unload unsigned (potentially malicious) drivers on Vista. The utility circumvented new anti-rootkit defences built into Vista by turning off checks for signed drivers.

Ionescu pulled the utility hours after its release after realising that the ATI driver flaw Purple Pill uses, which he learned about in a presentation by Vista kernel security expert Joanna Rutkowska at Black Hat last week, is yet to be patched.

Source: The Register

WarEagleAU · Aug 12, 2007, 04:48 AM

Sounds like Vistas super security isnt super secure. I doubt anyone would use an ATI driver flaw to do something like this, but at least its worth noting and they are working on fixing it.

wiak · Aug 12, 2007, 08:16 AM

Quote:

Originally Posted by WarEagleAU

Sounds like Vistas super security isnt super secure. I doubt anyone would use an ATI driver flaw to do something like this, but at least its worth noting and they are working on fixing it.

everything is unsecure, dont think you ARE secure, just look at Blu-Ray Disc and HD DVD, and the (un)brackable AACS

"the history has thought use that"

Processor:	Intel Core i7-2600K @ 3.4 GHz
Motherboard:	ASUS P8Z68-V Pro
Memory:	3x 2048 MB Mushkin DDR3
Video Card:	ASUS GeForce GTX 670 Direct CU II TOP
Hard Disk:	Crucial C300 128 GB, WD6400AAKS 640 GB, WD15EADS 1.5 TB
Optical Drive:	BenQ DW1640
CRT/LCD Model:	Dell U3011 30", 2560x1600 + 19" 1280x1024
Case:	NZXT H2
Sound Card:	On-board Realtek HD
PSU:	Kingwin Absolute Platinum 550 W
Software:	Windows 7 64-bit

Aug 12, 2007, 04:48 AM	#2
WarEagleAU Bird of Prey Join Date: Jul 2006 Location: Gurley, AL Posts: 9,994 (3.98/day) Thanks: 3,810 Thanked 557 Times in 521 Posts System Specs	Sounds like Vistas super security isnt super secure. I doubt anyone would use an ATI driver flaw to do something like this, but at least its worth noting and they are working on fixing it. __________________ =-TheEagle-= http://www.heatware.com/eval.php?id=62454 “You crazy? Surfing any website without an antivirus is like freaking with a dirty woman without protection” -OzzmanFloyd120 - Edited for content and clarity

System Name:	Boddha Getta
Processor:	AMD FX 6100 @ 4.432Ghz @1.401V
Motherboard:	ASUS M5A99X EVO AMD 990X AMD SB950
Cooling:	Custom Water. EK 240MM Kit, Supreme HSF - Runs 35C
Memory:	2 x 4GB Corsair Vengeance White LP @ 1.35V
Video Card:	XFX Radeon HD 6870 900/1050 (no OC yet)
Hard Disk:	WD Caviar Black 1.0TB, WD Caviar Green 1.0TB, WD 160GB
Optical Drive:	Samung SH22SL 22X Lightscribe DVD+/-R/RW LG BDRE Reader/Burner Lite ON Max Burner for burning Xbox
CRT/LCD Model:	Asus VH222/S 22: (21.5" Viewable) 1920x1080p HDMI LCD Monitor
Case:	NZXT White Phantom
Sound Card:	Onboard Realtek 5.1
PSU:	NZXT Hale 90 Gold Cert 750W Modular PSU
Software:	Windows 7 Pro 64 bit.
Benchmarks:	5.9 Windows Index rating 3D06 - 17472

System Name:	Wiak's Gaming Rig v4.0
Processor:	AMD Phenom II 965 125W Rev. C3
Motherboard:	Gigabyte GA-MA790FX-UD5P (8+2 Phase)
Cooling:	1x 140mm 3x 120mm, Zalman CPNS9500LED
Memory:	OCZ Platinum XTC 4096MB DDR3 1600mhz Dual Channel @ 1333mhz 6-6-6-24
Video Card:	Sapphire Radeon HD 7970 3GB GDDR5 (Stock Cooler)
Hard Disk:	1x Cruical M4 128GB 1x Samsung F3 1TB 1x WD My Book 3.0 2TB
Optical Drive:	LH BH10 Blu-Ray Writer and CH08 Blu-Ray Reader
CRT/LCD Model:	Dell UltraSharp U2410 24" 1920x1200 H-IPS
Case:	Antec Three Hundred
Sound Card:	Asus Xonar DX
PSU:	Corsair AX 850W
Software:	Windows 7 Home Premium x64 Edition SP1

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)