AMD developing patch for ATI security flaw
Company plans to issue critical security fix for its ATI driver, which could expose the Vista kernel to malicious attackers.
Advanced Micro Devices plans to issue a critical security fix Monday afternoon for a flaw in its ATI driver, which currently could expose the Vista kernel to malicious attackers.
AMD's ATI, as well as competitors Nvidia and other graphics chipmakers, were cited as having poorly written drivers, which could allow malicious attackers to use the technology as an entry point for writing code to the Vista kernel, according to a recent article in the Inquirer.
AMD plans to release a new ATI Catalyst package this afternoon, said Jon Carvill, an AMD spokesman.
"The market recently discovered a potential security vulnerability that could impact AMD's Catalyst software package. After immediate investigation, AMD determined that a small section of code from one of the files in our installer package is potentially vulnerable," Carvill said.
AMD is advising ATI Radeon graphics users to update to Catalyst version 7.8 once it is available at its software and drivers site.
Nvidia, meanwhile, said it's aware of the reports and is investigating them. If Nvidia finds any vulnerabilities, it will post a fix for them post haste, an Nvidia spokesman said.
Microsoft also has weighed in with its own comments too: "We are aware of an issue reported in an ATI driver that is potentially vulnerable. Microsoft is in contact with ATI to help address this issue and once fixed we will assist in getting it to our customers."
The proof-of-concept code was briefly made public at Black Hat, then quickly yanked when the researcher realized no patch had been issued for the security flaws, according to an interview with Alex Ionescu by Zero Day blogger Ryan Naraine on ZDNet.
Call it the proverbial "oops."
AMD has issued its update. It can be found here.