Faulty ATI and Nvidia Drivers Can Lead to a Complete Takeover of 64-bit Vista

Opening up the operating system's core

By Marius Oiaga, Technology News Editor

3rd of August 2007, 10:30 GMT

Faulty drivers from ATI and Nvidia open the way to a complete takeover of 64-bit Windows Vista, circumventing the operating system's additional security mitigations designed to prevent unsigned code from being loaded into the platform's core. This scenario was demonstrated at Black Hat 2007 in Las Vegas by security researcher Joanna Rutkowska, Founder/CEO of InvisibleThingsLab. Mandatory driver signing in 64-bit Vista is a security measure implemented to prevent malicious code from being loaded into the platform's kernel, a technique typical of rootkits. However, Rutkowska proved that the x64 Vista driver signing mitigation can be bypassed.

In this context, it has to be emphasized that Vista is not entirely to blame. A potential attacker could use faulty drivers as a key to the operating system's core. Rutkowska limited her demonstration to code released by AMD's ATI and Nvidia. But if two of the world's most prominent graphics hardware makers managed to produce low-quality drivers that permit an exploit to gain access to 64-bit Vista's core, what does that tell you about the rest of the companies able to obtain driver signing certificates?

"There are thousands, maybe tens of thousands of third-party drivers that are poorly written and could be a problem," Rutkowska estimated, as cited by InternetNews, although her examples involved the ATI Catalyst driver and the NVIDIA nTune Driver. "The whole problem in NVIDIA is that the driver doesn't do the proper checks and can do a write for an arbitrary registry. The attacker could just include it as part of their own rootkit and then use it to exploit Vista. It doesn't matter whether it's a popular driver or not. We can bring it to the target system and exploit it."

The security measures put in place in 64-bit Vista to help mitigate the loading of unsigned kernel-mode code are rendered useless by faulty third-party code. But Microsoft's own security mechanism can be bypassed just as easily: a driver certificate will cost an attacker only $250. And with a legitimate driver certificate for x64 Vista, access to the kernel is no longer an issue. "We can now sign whatever we want," Rutkowska commented. "No one can prove that I intentionally built a bug."

TAGS:

Windows Vista | 64-bit | ATI | Nvidia
© Copyright 2001-2009 Softpedia
User opinions:


Comment #1 by: Lost Angel on 03 Aug 2007, 10:57 GMT

bullshit article - blame drivers for crappy OS security...
it is like writing "and actually our OS is most secure, just that if you install video drivers for it - it isn't quite as secure anymore"... What a load of crap...

That must be Microsoft's strike back at Nvidia's list of compatibility issues with Vista...
