Slashdot Mirror


ATI Driver Flaw Exposes Vista Kernel to Attackers

Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."

12 of 248 comments

  1. So I read it right? by Wooky_linuxer · · Score: 4, Funny

    Vista has an anti-DRM mechanism built-in? Wow, and I thought Linux stood for free software... way to go Redmond!

    --
    Where is that guy who'd die defending what I had to say when I need him?
  2. Re:Let's blame Microsoft by bl8n8r · · Score: 4, Funny

    Very quickly.

    You must be new here, so I'll try and enlighten you.

    You see, Microsoft is a lot like the smelly kid in 3rd grade that
    used to drop a load in his shorts and not say anything while
    everyone wandered around trying to figure out what died, where.

    After a few of these episodes, whenever there was a strange smell,
    it would come to pass that the smelly kid dropped another load.

    Now, to make matters worse for the smelly kid, imagine him running
    around telling everyone that he has solved the problem*. People are
    relieved for a while until, guess what? The smelly kid drops another
    load. How can this happen, isn't this supposed to be fixed?

    This insane cycle of disappointment/re-assurance causes people to
    get cynical very quickly and as a result, causes people to start complaining
    very quickly.

    [*] - http://news.com.com/Allchin+Buy+Vista+for+the+security/2100-1012_3-6032344.html

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  3. Comforting, in a way... by an.echte.trilingue · · Score: 4, Funny

    For my part, I'm not going to play the blame game since I don't know better either way. I am, however, in some strange way comforted to see that Windows users are starting to have issues with ATI drivers, too.

    All those years of trying to get fglrx to work, avenged!

    So, is that what you call passive aggression?

    --
    weirdest thing I ever saw: scientology advertising on slashdot.
  4. I see... by lixee · · Score: 2, Funny

    So the reason ATI is not giving us Linux users free drivers, is because they care about the security of our systems. Talk about irony!

    --
    Res publica non dominetur
  5. In Other News by Anonymous Coward · · Score: 1, Funny

    In Other News .... Dell Asks ATI for better Windows Vista drivers.

  6. Re:Let's blame Microsoft by jaavaaguru · · Score: 2, Funny

    the Linux kid will also drop a "load in his shorts"

    No, he will dump a core in his shorts.

  7. Re:lol wut by jaavaaguru · · Score: 2, Funny

    Just like the OS market... look how Windows' price has risen and how much of an improvement Vista is over XP.

  8. purple pill? O.o by Spy+der+Mann · · Score: 3, Funny
    I only knew about the red pill and the blue pill. Hmmmmmmmmmm........

    Morpheus: This is your last chance, Neo. After this, there is no turning back.
    You take the blue pill, the story ends, you awake in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit-hole goes. Remember: all I'm offering is the truth, nothing more.
    Neo: And the purple pill?
    Morpheus: Oh, the purple pill gets you high. I can't guarantee what happens later.
    Neo: I'll take the purple pill. (*gulp*)
    (After a short pause...)
    Whoa, dude, I can see what's behind the mirror! Whoa... everything's like computer code! I understand what the Matrix is now!!
    (Back in the Nebuchadnezzar...)
    WE'RE LOSING HIM!
    Neo: I can fly dude!!! Excellent!!!
    Flatline: beeeeeeeeeeeeeeeeeeeeeeeep....

    (Some time later...)
    Trinity: Seriously, Morpheus. This is the 20th time we lose a potential "One" because of the purple pill!
    Morpheus: He wasn't "The One". "The One" would have survived.
    Trinity: Idiot.


    Now, seriously, what's "purple pill"?
  9. Re:Really cleaning up the Internet by frakfrakfrak · · Score: 2, Funny

    Your troll-fu is weak, Daniel-san. Only when you can praise Jon Katz will you be ready.

  10. Re:No shit by mhall119 · · Score: 4, Funny

    It makes me wonder what Microsoft's security qualifications really are for a signed kernel level driver. I believe they use the Verisign security test: If the check clears the bank, the code is secure.
    --
    http://www.mhall119.com
  11. Re:Let's blame Microsoft by mhall119 · · Score: 2, Funny

    I'd fire them.

    Heck, that solution is even cross-platform!

    --
    http://www.mhall119.com
  12. Re:trusted computing by Smauler · · Score: 2, Funny

    "I don't trust no one" means you trust everyone.

    Technically, no it doesn't. It means you trust someone, not necessarily everyone.