NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0268 Utility Evades VISTA Kernel Defenses:
Among 64-bit VISTA's security provisions is one new to Microsoft's operating systems: only digitally signed code can be loaded into the kernel. Under those new rules, code destined for the kernel - typically drivers - must be accompanied by a signed certificate available from a limited number of issuing authorities. Drivers not equipped with a legitimate certificate aren't loaded. But now Symantec warns of a free utility that can load unsigned drivers into the kernel, circumventing this security feature. The free utility, called Atsiv, from Australian developer LinchpinLabs, is a command-line tool that loads its own appropriate driver, which in turn allows loading of other unsigned drivers due to the implementation of their PE loader. Symantec said the only way Microsoft can enforce its ban on unsigned kernel code is to revoke their certificate. Microsoft did not immediately reply to questions about whether it would revoke the certificate used by Atsiv.
(ComputerWorld 30JUL07)
Last Modified: Wednesday, 01-Aug-2007 23:55:15 EDT