Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel." Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
This is the kind of carelessness I have seen and expected all along from Microsoft - ever since they failed to put any security in their software, even basic file or directory locking to keep certain information confidential or even secret, forcing users to either write their own or purchase other patches or software to accomplish something which MS's engineers should have provided in the origional package. Since then we've had MS include spyware in its own software (the origional version of Win98) since re
ATI Exposes Flaw to the Vista Kernal (Score:1)