Archive for the ‘ATI’ Category

Vista security flaw exposed by ATI driver

Monday, January 12th, 2009

One of the unpatched flaw within the drivers, that too, from ATI goes on to create a means for smuggling malware-past improved ‘security defences’ in new-fangled Windows version and in to Vista Kernel. Right now, Microsoft is found working with ‘ATI’ with regards to an update that, as warned by the security watchers might not be that entire straight forward for rolling-out.

The presence of security-flaw within driver of ATI is reported to have come to light following the release of POC, i.e. proof-of-concept tool known as Purple Pill by Alex lonescu, a developer, which is said to have created a simplified way of loading and unloading unsigned, i.e. potentially malicious drivers with regards to Vista. Utility of this type has circumvented novel anti-rootkit defences that were constructed in to Vista by having turned off checks concerned with signed drivers.

Lonescu went on to pull utility hours (after release) after having realized that ATI driver flaw Purple is still left out, in terms of patching. Lonescu had picked this fact up during a presentation conducted by Joanna Rutkowska, a ‘Vista Kernel Expert’.

For the people who have no knowledge about ATI, let it be made clear that Purple Pill’s functionality is identical to Atsiv, i.e. a tool solely designed by Linchpin Labs, a developer of Australian origin. This design was considered to be a portion of research project concerned with driver signing. The response of Microsoft to Atsiv’s creation was by having revoked its certificate as well as classifying its utility in the form of ‘malware’, much to chagrin of ‘Linchpin Labs’. Technocrats would be surprised to know that Atsiv has gotten evolved in to a project which permits legacy hardware’s users to have used their kit with regards to Vista, that too, without any of the signed drivers.

Having followed an identical approach for ‘Purple Pill’ is not straight forward as mentioned above as such a thing piggybacks on the security certificate for hardware driver which has been installed in 50% of laptops.

As per the opinion of Ollie Whitehouse, one of the security researchers at Symantec, the above-mentioned situation can make just anyone associated with Microsoft start to weep. ATI would have to obtain a novel certificate, move ahead with signing fixed versions regarding the affected drivers, and release them through Windows Update. Just then Microsoft would get VeriSign for revoking the ‘signing certificate’.

All these things highlight broader problems in Vista’s code-signing. Atsiv has showed that getting an age-old code signed is very simple. As per the illustration of Purple Pill, signed drivers also have bugs. Symantec goes on to reckon design error occurring in driver of ATI as one of the ‘short-cuts’ designed for making the procedure of software development much more straightforward than ever before. Now, you can go on to imagine that such a thing has come about owing to one of the requirements for extending the core driver with many arbitrary modules with respect to design of ATI.