The Inquirer-Home

ATI patches "purple pill"

24 hours from start to fix
Sun Aug 12 2007, 11:40
THERE IS A VISTA exploit called Purple Pill that targets Vista through graphics drivers. It made a lot of news last week among the security and hacker communities, but how the affected companies responded is quite illuminating.

The way it works is if a vulnerability exists in a driver, since the driver has kernel level access, a moronic design decision on MS's part that we will all pay for over the next few years, attack code can load into the kernel and run rampant. Without getting too much into the joke that is Vista security window dressing, lets just say from that point on, there is pretty much nothing you can do.

The current exploit was said to be a flaw in a graphics driver, and was later revealed to be an ATI driver flaw, specifically an exploit in the installer. The interesting point is not that a graphics driver, or any kernel level driver flaw can expose a system, it is how quickly ATI reacted to it.

According to ATI, it was first notified that its drivers were at fault last Thursday, and as of late Friday, there was still a chance that the fixed drivers could be posted that day. At worst, the patched drivers would be upped on Monday.

The problem centres on the installer rather than the driver, about 4MB of the approximately 35MB package. In a day or so, the flaw was found, patched, tested and posted. [Edit: It looks like the Catalyst 7.7s are now up, so I guess it is Monday] Since the drivers themselves are not changed, only the peripheral programs, they will still be labeled Catalyst 7.8, and scores should not change.

What is comes down to is that a minor bug in a driver installer can own a box, this is a Microsoft problem, not an ATI or Nvidia problem. Both companies can be used to poke a nose into a joke of an MS security model, but rather than holding the messenger's feet to the fire, we should put the blame where it is due, in Redmond.

As a side note, I wonder how NV would react to this situation. Its past reactions to bad news seems to be to shoot the messenger, and I wonder if that carries over to security as well. Since the hot exploit path to Vista for the next few months will be GPU related, I am sure we will find out. Won't this be fun to watch. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?