14 DAY TRIAL // Researchers from the Carnegie Mellon Computer Emergency Readiness Team (CERT/CC) have discovered that AMD (or ATI) video drivers are not perfectly compatible with the Microsoft EMET, thus potentially exposing some users. AMD has responded, promising to take care of the problem.
Microsoft EMET is a utility that’s designed to prevent cybercriminals from exploiting vulnerabilities in products by leveraging DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) techniques.
The problem occurs because not all software, including AMD’s video driver, is compatible with ASLR. While ASLR can be manually enabled for only specific programs, EMET’s highest security settings forcefully enables it for all pieces of software installed on a system.
This means that AMD customers who utilize EMET with a specific configuration will experience system crashes because of the incompatibility.
“The most critical example of this is the driver software for AMD and ATI video chips. If ASLR is enabled system-wide on a system that has AMD or ATI video drivers installed, then the machine may fail to boot properly, resulting in a ‘BSOD’ crash,” Will Dormann of CERT/CC explained.
US-CERT, which also released a vulnerability note based on CERT/CC’s research, advises users who depend on the security features offered by ASLR to install standard VGA drivers or utilize a different video adapter type.
According to AnandTech, AMD has released a statement in response to the research.
“The presence of an issue does not necessarily mean that this issue can be exploited in regular operation of a system. The default safety settings of the EMET do not cause the issue in question to occur,” AMD representatives said.
“The non-default settings used to produce the system crash at start-up as reported by CERT require changing a System Registry key for the tool (named ‘EnableUnsafeSettings’), which was not documented until the CERT report was published, and is not accessible through the EMET tool itself,” they added.
“Given that the conditions created by CERT are a departure from the default safety settings of the Microsoft EMET, users of AMD graphics products will face the problem outlined by the CERT report if their EMET settings are modified, and will otherwise not experience the issue in question.”
Furthermore, in the upcoming period AMD plans on releasing a new driver that will not cause crashes in the circumstances highlighted by the CERT.