ATI driver package opens Vista to flaw

By Justin Mann on August 10, 2007, 10:36 PM
For all the praise Microsoft gave to the Vista kernel, touting it as robust and secure, it has taken quite a beating in the field. Just recently, Microsoft was forced to block a particular program that could result in “kernel compromise”, and even more recently something almost everyone takes for granted has done the same.

An ATI driver for video cards could potentially be used to compromise the kernel in Windows Vista. Apparently, one of the hackers who discovered the flaw had assumed it was already patched and released a tool that demonstrated it. He pulled the tool once he learned the flaw was “in the wild”:

In an interview, Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI’s legitimately signed driver to tamper with the Vista kernel.

Microsoft and AMD/ATI are already working together to fix the issue. Ultimately, the flaw was a way to load unsigned drivers into the Vista kernel, defeating the driver-signing requirement that Microsoft is relying on to help prevent a machine from being compromised by either an enterprising hacker or a legitimate user wanting to bypass Vista's DRM.

While the security implications here aren't anything unusual, it does raise a question. If compromising Vista is as easy as loading a signed but faulty driver, can Microsoft really claim to have increased security at all over XP?




User Comments: 2

Fornacis said:
...and in other news...ATI is falling apart...
Canadian said:
What version of Vista? 32 or 64 bit? I know a lot of the enhanced security is only in the 64 bit version.