“Apparently an unpatched flaw in an ATI driver allows hackers to load unsigned drivers onto Vista. The flaw was at the center of the Purple Pill proof-of-concept tool that exposed a way to tamper with the Windows Vista kernel.
Purple Pill, a utility released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft’s newest operating system. ”
Here is some more Tech News from around the web:
- New version of Windows XP on the way @ The Inquirer
- PCI Express v3 specced up @ The Inquirer
- Philips 7FF1AW Digital PhotoFrame @ HEXUS
- Lenovo preloads ThinkPads with Novell Linux @ IT Business
- Targus Desktop USB 2.0 4-port hub @ motherboards.org
- Ubuntu 7.10 Gutsy Gibbon Tribe 4 @ Phoronix
- Gaming Heaven AMD Competition: Win one of 45 Copies of Call Of Juarez
- The Atlas Mech Case Mod @ ExtremeTech
Beware of Vista drivers bearing a purple pill, says this story on [H]ard|OCP. AMD/ATI’s drivers open up a vulnerability in Vista which could allow unsigned programs to be installed silently if they are piggybacked into the installation program. The creator of the tool that allows this posted it to his site for just over an hour, under the assumption that the vulnerability had been patched. When he discovered it wasn’t, he pulled it.