
ATI driver flaw exposes Vista kernel

W1zzard

An unpatched flaw in drivers from ATI creates a means to smuggle malware past improved security defences in the latest version of Windows and into the Vista kernel.

Microsoft is working with ATI on an update which security watchers warn might be far from straightforward to roll out.


The existence of the security flaw in ATI's driver came to light after developer Alex Ionescu released a proof-of-concept tool called Purple Pill that created an easy way to load and unload unsigned (potentially malicious) drivers on Vista. The utility circumvented new anti-rootkit defences built into Vista by turning off checks for signed drivers.

Ionescu pulled the utility hours after its release after realising that the ATI driver flaw Purple Pill uses, which he learned about in a presentation by Vista kernel security expert Joanna Rutkowska at Black Hat last week, is yet to be patched.

 

WarEagleAU

Sounds like Vista's super security isn't super secure. I doubt anyone would use an ATI driver flaw to do something like this, but at least it's worth noting and they are working on fixing it.
 
> Sounds like Vista's super security isn't super secure. I doubt anyone would use an ATI driver flaw to do something like this, but at least it's worth noting and they are working on fixing it.

Everything is insecure, don't think you ARE secure, just look at Blu-ray Disc and HD DVD, and the (un)breakable AACS.

"History has taught us that."
 