AMD has released a patch for its ATI Catalyst drivers toÂ remove the possibilityÂ of themÂ being used as an attack vector to circumvent the improved security defensesÂ of Vista..
The ATI driver flaw was highlighted by Joanna Rutkowska, security researcher and founder of Invisible Things Lab, at the Black Hat conference early this month as an illustration of why the Vista kernel protection doesnâ€™t work.
TheÂ flaw was later exploited by a proof-of-concept-tool, Purple Pill, released by security researcher Alex Ionescu,Â that patches theÂ Vista kernel to turn off certain checks for signed drivers, which means any malicious rootkit author could piggyback on ATIâ€™s legitimately signed driver to tamper with the Vista kernel.
ATI has confirmed the bug, which affects the AMD Catalyst software package and strongly urged users to download the patch, Catalyst version 7.8.
While the bug has been patched, it doesnâ€™tÂ mean thatÂ VistaÂ is reallyÂ secure OS. Considering that there are several hundreds of third-party drivers that are poorly written, the same problemÂ could occur again and again.
In addition, an attacker could make their own malicious driver, get the driver certified to use for an attack.
And because Microsoft has no way of knowing in advance whether a driver has a bug, or has been made explicitly for the purpose of corrupting the Vista kernel,Â the companyÂ needs to come up with aÂ plan on how it can protect its Vista kernel better.