Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATI Driver Flaw Exposes Vista Kernel to Attackers

Posted by CowboyNeal on from the sneaking-in dept.

Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."

4 of 248 comments (clear)

  1. So I read it right? by Wooky_linuxer · · Score: 4, Funny

    Vista has an anti-DRM mechanism built-in? Wow, and I thought Linux stood for free sofware... way to go Redmond!

    --
    Where is that guy who'd die defending what I had to say when I need him?
  2. Re:Let's blame Microsoft by bl8n8r · · Score: 4, Funny

    Very quickly.

    You must be new here, so I'll try and enlighten you.

    You see, Microsoft is a lot like the smelly kid in 3rd grade that
    used to drop a load in his shorts and not say anything while
    everyone wandered around trying to figure out what died, where.

    After a few of these episodes, whenever there was a strange smell,
    it would come to pass that the smelly kid dropped another load.

    Now, to make matters worse for the smelly kid, imagine him running
    around telling everyone that he has solved the problem*. People are
    relieved for a while until, guess what? The smelly kid drops another
    load. How can this happen, isn't this supposed to be fixed?

    This insane cycle of disappointment/re-assurance causes people to
    get cynical very quickly and as a result, causes people to start complaining
    very quickly.

    [*] - http://news.com.com/Allchin+Buy+Vista+for+the+secu rity/2100-1012_3-6032344.html

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  3. Comforting, in a way... by an.echte.trilingue · · Score: 4, Funny

    For my part, I'm not going to play the blame game since I don't know better either way. I am, however, in some strange way comforted to see that Windows users are starting to have issues with ATI drivers, too.

    All those years of trying to get fglrx to work, avenged!

    So, is that what you call passive aggression?

    --
    weirdest thing I ever saw: scientology advertising on slashdot.
  4. Re:No shit by mhall119 · · Score: 4, Funny

    It makes me wonder what Microsoft's security qualifications really are for a signed kernel level driver. I believe they use the Verisign security test: If the check clears the bank, the code is secure.
    --
    http://www.mhall119.com