When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

ATI Driver Flaw Leaves Vista Kernel Open To Attacks

An unpatched flaw in drivers from ATI creates a security hole to sneak malware past the improved security features in Windows Vista and straight to the Vista Kernel. Microsoft says that they are working with ATI to release an update and security watchers think that might be far from straightforward to roll-out. The existence of this flaw in ATI's driver came about after a developer released a proof-of-concept tool call "Purple Pill" which creates an easy way to load and unload unsigned and potentially malicious drivers on Windows Vista. The utility can be used to circumvent new anti-rootkit defenses that are built into Windows Vista by turning off checks for signed drivers.

The developer that wrote the "Purple Pill" tool pulled the utility hours after its release and realizing that the ATI driver flaw "Purple Pill" uses, which was recently presented by Vista Kernel security expert Joanna Rutkowska at Black Hat last week. The functionality of "Purple Pill" is similar to that of "Atsiv" a tool which was designed by Linchpin Labs in Austrailia and is part of a research project into driver signing. Microsoft recently responded to the development of "Atsiv" by revoking it's license and classifying it as malware, much to Linchpin Labs' surprise. "Atsiv" had evolved into a project that allowed users using legacy hardware to deploy Windows Vista and to install unsigned drivers for the legacy hardware.

News source: thewindowsblog.net

Report a problem with article
Next Article

Spyware Terminator 2.0.0.193

Previous Article

Exposed: What MS Doesn't Want You to Receive

Join the conversation!

Login or Sign Up to read and post a comment.

19 Comments - Add comment