ATI update against PurplePill vulnerability
The security vulnerability which Alex Ionescu's PurplePill exploited to load unsigned code into the kernel of the 64-bit version of Vista is being closed by AMD/ATI with a new driver version. The vulnerability, which enables bypassing the existing kernel mode code signing policy in the 64-bit Vista version, was not located in the driver but in the software installer, according to the manufacturer.
The AMD/ATI press spokesman Jon Carvill offered the following comment to heise Security: "AMD determined that a small section of code from one of the files in our installer package is potentially vulnerable." Catalyst version 7.8 eliminates the vulnerability. AMD/ATI strongly recommends that all users of Radeon graphic cards install the updated driver. In addition, AMD/ATI and Microsoft are investigating further distribution channels for the update – AMD/ATI is thereby probably referring to the Windows update mechanism. Carvill also implies that other manufacturers have this type of security vulnerability in their products too: "This vulnerability was not exclusive to AMD." AMD/ATI is not divulging any details about the vulnerability, however.
Under Windows 2000 and XP, some manufacturers were struggling with the complexity of the assignment of privileges for services, and therefore distributed installers which assigned privileges incorrectly, thus allowing users to extend their access privileges. Microsoft released a patch to eliminate this. The present fault is possibly a similar security vulnerability, which Microsoft might also eliminate with an update.
- Download the Catalyst driver, version 7.8