Buggy ATI Driver Leaves Vista Open to Attack
Author: Dave Lewis
Slowly but surely the repercussions of Black Hat drift out. Kernel drivers from ATI as one example are prone to problems as outlined in the article from eWeek:
Microsoft is working with AMD to fix a bug in an ATI driver that ships preinstalled on millions of laptops and which leaves the Vista kernel open to arbitrary memory writes by malicious driver authors.
It’s not just ATI—virtualization security researcher Joanna Rutkowska said during her presentation at Black Hat earlier in August that ATI, which is owned by AMD, and Nvidia are just two examples of particularly badly written drivers, and that there could be tens of thousands of vulnerable drivers out there.
The bug in the ATI driver is that it allows arbitrary memory writes. Malicious driver authors can use that flaw to load unsigned drivers via the standard loading mechanism.
The problem of insecure drivers first came up when some authors at Linchpin Labs created a tool called Atsiv. Atsiv is a kernel driver that introduced the ability to load unsigned drivers onto Microsoft operating systems, including Vista. The authors claim it was born as a research project to examine the effects of enforced driver signing.
Tags: ATI Driver Vulnerability, Vista Exploit
