An unpatched flaw in drivers from ATI creates a security hole that can be used to sneak malware past the improved security features in Windows Vista and straight into the Vista kernel. Microsoft says it is working with ATI to release an update, and security watchers think that update might be far from straightforward to roll out. The flaw in ATI's driver came to light after a developer released a proof-of-concept tool called “Purple Pill”, which creates an easy way to load and unload unsigned and potentially malicious drivers on Windows Vista. The utility can be used to circumvent the new anti-rootkit defenses built into Windows Vista by turning off checks for signed drivers.
The developer who wrote the “Purple Pill” tool pulled the utility hours after its release, on realizing that the ATI driver flaw “Purple Pill” uses was recently presented by Vista kernel security expert Joanna Rutkowska at Black Hat last week. The functionality of “Purple Pill” is similar to that of “Atsiv”, a tool which was designed by Linchpin Labs in Australia and is part of a research project into driver signing. Microsoft recently responded to the development of “Atsiv” by revoking its license and classifying it as malware, much to Linchpin Labs’ surprise. “Atsiv” had evolved into a project that allowed users with legacy hardware to deploy Windows Vista and install unsigned drivers for that hardware.
News source: thewindowsblog.net

Let's just hope that this doesn't inspire legions of coders into ways of creating more effective malware.
x2
You beat me to it!
This is getting old now!
x3
It's way past old now. Most of the people who say it have never even used Vista or tried it on a system that wasn't meant to run it.
Find something else to do with your time besides sitting on the internet blaming everything on Vista.
x4
I don't even run Windows - but I find it humorous that people need to senselessly bash Microsoft; if these individuals hate Windows so much, why don't they actually do something about it and move instead of sitting in the cheap seats whining about Microsoft?
It's way past old now. Most of the people who say it have never even used Vista or tried it on a system that wasn't meant to run it.
Oh really? Prove it.
I'll tell you what's way past old; a few delusional fanboys bleating and defending a clearly less-than-stellar product in the face of overwhelming contrary opinion. You Vista kiddies are getting to be almost as bad as the Apple freaks.
Overwhelming contrary opinion? I know lots of people who use it and never have any problems, or the ones that pop up are due to old hardware that doesn't have a Vista driver yet.
I remember all the past Windows versions that had "overwhelming contrary opinions" in the past, yet people seem to love XP now though they bashed it for being a little kids "fisher price" OS years ago.
It just seems to me that the same people who hate Vista today hated XP back in 2001 when it was new. *yawn*, this is nothing new and quite boring at this point.
Well the thing is this flaw is the fault of Microsoft. The flaw has nothing to do with the driver itself, just the installer.
Actually the currently released Catalyst 7.7 does not contain the bug anymore. They fixed it by altering the installer, for the fault was in the driver installer that allowed access to the kernel through the video driver, not in the actual driver. Or so I have heard...
http://www.theinquirer.net/?article=41638
Not even gonna click... You might as well have just made something up as quote The Inquirer.
Too true
"I reject your reality and substitute it with my own"
I thought Adam said that, not Jamie
For the hell of it I read theinq article. And I just have to wonder about this little bit here. "The way it works is if a vulnerability exists in a driver, since the driver has kernel level access, a moronic design decision on MS's part that we will all pay for over the next few years"
Correct me if I'm wrong, but how the hell will a hardware driver work if it doesn't have kernel level access? Unless you want to force all hardware drivers to pass through something else first, but that's been in NT since the start, called the HAL iirc. If anyone knows the inner workings of drivers, do feel free to pop in and shed some light on things.