ATI’s penicillin to PurplePill and the PatchGuard patch that wasn’t 

Aug 24, 2007 03:00 AM

Here is a short update to bring this latest chapter in Vista’s security fairytale finally to a close.

On Monday the 13th of August, ATI patched their Catalyst drivers to resolve the vulnerability that PurplePill exploited. ATI should be commended for the speed and agility with which they responded to the issue, although one has to wonder if Microsoft had a hand in this.

It’s still not clear how they are going to deal with the distribution of this update (there's some conjecture around using Windows Update) and revocation of the old driver. Patching it is one thing, but they can’t leave the old driver floating round indefinitely - or can they? So anyway, along with Patch Tuesday came an update to PatchGuard; it’s not clear what extra “resilience” is added in this driver, but could this be designed to complicate exploiting vulnerabilities such as those in the ATI driver? Well, it’s not clear currently – it would be logical for Microsoft to continually update PatchGuard to obfuscate, misdirect and complicate exploitation by protecting more key kernel structures while adjusting how the kernel implements PatchGuard protection.

So, with the ATI vulnerability closed and Microsoft’s recent improvements to PatchGuard - which seems slightly confused on whether it’s a security update or not - we’ll have to wait for the next driver vulnerability to be found. Plus, while we’re discussing the PatchGuard patch, why doesn’t Microsoft consider that it addresses a security vulnerability? Well, if we look at the advisory we can see they state:

“While this update adds additional checks to the Kernel Patch Protection system, it does not involve a security vulnerability. Known methods that allow the kernel to be patched on systems where Kernel Patch Protection is enabled require a system to already be compromised by an attacker.”

Alright then! But improvements are good and, well, making PatchGuard harder to subvert is always a good thing.

Until next time…
