Simultaneously

Sep 10, 2007 14:36 GMT

There is a veritable flood of ATI Radeon graphics card updates available from Microsoft. In fact, the volume of driver updates designed to address both 32-bit and 64-bit copies of Windows Vista running on systems also using ATI Radeon graphics cards is close to 40,000, as Microsoft explained. Recently, Windows Vista, especially the x64 editions, has faced an onslaught via the drivers associated with ATI Radeon graphics cards. Microsoft worked closely with AMD ATI to correct the issue and is now serving Vista users updates through its own infrastructure.

Matthew Wetmore, Developer, WSUS (Windows Server Update Services), revealed that the approximately 4,000 updates synchronized with the WSUS 3 and WSUS 2 servers are not the result of an error, but just an example of poor management that will be corrected in the future. "Yes you will see the metadata synched for 3,976 versions of this driver, one for every unique hardware ID that it supports on Vista. That said, keep in mind only metadata is synched down. The binaries are not synchronized until the driver is approved. But don't worry about having to cross reference every supported HW type that needs this driver in your environment. Just do a bulk approve (via multiselect and approve) and the clients which need a particular driver and the correct detection logic will do the right thing," Wetmore advised.

First off, Joanna Rutkowska, CEO of Invisible Things Lab, illustrated in her session at Black Hat in Las Vegas how malicious code could take a piggyback ride on vulnerable ATI drivers in order to gain kernel-level access in x64 Vista. Additionally, the Purple Pill, a tool authored by Alex Ionescu, also made use of faulty ATI drivers in order to load unsigned code into the core of x64 Vista. ATI subsequently introduced an update to the v7.8 Catalyst Package resolving the vulnerabilities. Wetmore stated that end users will by no means have to actually download almost 4,000 versions of the new driver.

"Also be assured that we really only have about 8MB total binary size for all these updates. All but 2 of the updates reference the binaries of primary packages for x86 & x64 so you will not be downloading 4MB x 3976. By all means don't just bulk decline these unless you're positive you don't have this type of card in your environment. WSUS only synchs critical drivers and this is one. Hope this helps. We are changing the publishing process for the future, so that multiple HWIDs will be associated to one update in the future," Wetmore added.