Tuesday's update to Windows Vista's PatchGuard, a kernel protection scheme designed to keep malicious or unproven code at arm's length, had nothing to do with recent hacks of another Vista defense, Microsoft said Thursday. The update to Kernel Patch Protection (KPP), also known as PatchGuard, was issued Tuesday to Vista 64-bit users, but the description of the enhancement was inscrutable. All Microsoft said at the time was "this update adds checks to this protection for increased resiliency in Windows."
Third-party researchers filled the vacuum with speculation about the update's purpose, much of it centered on a possible connection between the update and multiple disclosures that Vista's kernel code signing defense -- another barrier Microsoft set up to protect the kernel, but separate from PatchGuard -- could be easily circumvented. Among the end-arounds was a utility written by Alex Ionescu, a Canadian college student interning this summer at Apple Inc. Ionescu's "Purple Pill" used a flawed but legitimate and signed ATI Technologies video driver to slip unsigned code past Vista's protection.