ATI Driver Flaw Exposes Vista Kernel to Attackers 248
Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."
So I read it right? (Score:5, Funny)
Re:Let's blame Microsoft (Score:5, Funny)
You must be new here, so I'll try and enlighten you.
You see, Microsoft is a lot like the smelly kid in 3rd grade that
used to drop a load in his shorts and not say anything while
everyone wandered around trying to figure out what died, where.
After a few of these episodes, whenever there was a strange smell,
it would come to pass that the smelly kid dropped another load.
Now, to make matters worse for the smelly kid, imagine him running
around telling everyone that he has solved the problem*. People are
relieved for a while until, guess what? The smelly kid drops another
load. How can this happen, isn't this supposed to be fixed?
This insane cycle of disappointment/re-assurance causes people to
get cynical very quickly and as a result, causes people to start complaining
very quickly.
[*] - http://news.com.com/Allchin+Buy+Vista+for+the+sec
Comforting, in a way... (Score:5, Funny)
All those years of trying to get fglrx to work, avenged!
So, is that what you call passive aggression?
I see... (Score:3, Funny)
In Other News (Score:1, Funny)
In Other News
Re:Let's blame Microsoft (Score:3, Funny)
No, he will dump a core in his shorts.
Re:lol wut (Score:3, Funny)
purple pill? O.o (Score:4, Funny)
Now, seriously, what's "purple pill"?
Re:Really cleaning up the Internet (Score:2, Funny)
Re:No shit (Score:5, Funny)
Re:Let's blame Microsoft (Score:3, Funny)
Heck, that solution is even cross-platform!
Re:trusted computing (Score:2, Funny)
"I don't trust no one" means you trust everyone.
Technically, no it doesn't. It means you trust someone, not necessarily everyone.