The reported tightening of Windows Vista kernel defenses, which resulted in the issue of an updated Kernel Patch Protection (KPP), also known as PatchGuard, had nothing to do with the recent kernel hacks, Microsoft said.

Russ Humphries, a senior product manager on the Vista team said Vista driver signing and KPP technologies are complimentary and are not cojoined, and the update to KPP has no relationship to the ATI driver issue or recent issues related to code signing.

Humphries said that the driver signing is not designed to confirm the “intent” of signed code or whether exploitable bugs or malicious code is present. However, it is a method to better track the author in the event that a reliability issue, vulnerability, or malware is discovered. KPP, on the other hand, helps protect code and critical structures in the Windows kernel from modification, he added.

Microsoft Security Response Center (MSRC) advisory clearly states that “The update does increase the reliability, performance, and resiliency provided by Kernel Patch Protection. It adds additional checks to the KPP system and does not involve security vulnerability.”

The updated PatchGuard was issued to Vista 64-bit users and is available as a high-priority download through Windows Update.

---

Related:

Microsoft tightens Vista kernel defenses, updates PatchGuard

Vista SP1 updates operating system kernel

Vista updates look for illegally licensed copies

Vista SP1 to block activation hacks

Vista SP1 fails to stop software pirates

Entry was posted on Thursday, August 16th, 2007 at 11:44 pm under Security, Vista.  Print This Post

Read more entries by Ruben Francia.