UPDATE: The driver flaw has now been patched with the recent update released by ATI. It is recommended that users of ATI graphics cards update their current drivers to the newest driver that was released!
An unpatched flaw in drivers from ATI creates a security hole that can be used to sneak malware past the improved security features in Windows Vista and straight into the Vista kernel. Microsoft says it is working with ATI to release an update, and security watchers think the roll-out might be far from straightforward.
The existence of this flaw in ATI’s driver came to light after a developer released a proof-of-concept tool called “Purple Pill”, which creates an easy way to load and unload unsigned and potentially malicious drivers on Windows Vista. The utility can be used to circumvent the new anti-rootkit defenses built into Windows Vista by turning off checks for signed drivers.
The developer who wrote the “Purple Pill” tool pulled the utility hours after its release and realizing that the ATI driver flaw “Purple Pill” uses, which was presented by Vista kernel security expert Joanna Rutkowska at Black Hat last week. The functionality of “Purple Pill” is similar to that of “Atsiv”, a tool that was designed by Linchpin Labs in Australia and is part of a research project into driver signing.
Microsoft recently responded to the development of “Atsiv” by revoking its license and classifying it as malware, much to Linchpin Labs’ surprise. “Atsiv” had evolved into a project that allowed users with legacy hardware to deploy Windows Vista and install unsigned drivers for that hardware.