ATI Driver Flaw Exposes Vista Kernel to Attackers
Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."
How long before the usual MS bashing starts on a clearly ATi problem??
I'm not going to blame Microsoft. I'm going to blame the various countries' legislators for not passing a law demanding that driver Source Code be published as a condition of approval of hardware for sale.
If there were such a law on the books, many vulnerabilities would be flushed out. The closedness is at the very root of the problems, and the only way to solve them for good is to enforce Source Code availability.
(I don't buy your "Let the Free Market Decide" bleatings. I can see where you're coming from, but you have to realise there is no free market in the computer hardware sector anymore, just a cartel of vendors who use various dirty tricks to prevent competition from outside. In this situation, only Government can make a difference.)
Je fume. Tu fumes. Nous fûmes!