Microsoft beefs up 64-bit Vista defences

Software giant reacts to kernel hacks

Instead, Whitehouse went on, what Microsoft seems to have done is harden PatchGuard's defences so that when a piggyback attack does take place - for instance, a hacker uses a legitimate driver to inject his own code into the Vista kernel - the damage is minimised.

"It looks like they are trying to make it harder to do anything malicious once you've exploited vulnerabilities which allow code to be executed in the kernel, such as ATI driver/Atsiv, and so on," he said.

Microsoft wasn't much help in figuring out exactly what was beefed up by the PatchGuard update; the accompanying information was extremely vague. The MSRC's release manager, Simon Conant, was just as tight-lipped in a posting to the Center's blog. "The update adds additional checks to Kernel Patch Protection for increased reliability, performance and security," Conant said.

Vague or not, Whitehouse applauded Microsoft's move but cautioned against thinking the issue was dead and buried. "While these efforts should be commended, someone simply has to perform sufficient reverse engineering of the Vista kernel in order to locate the PatchGuard functionality in order to target that," he said.

Microsoft and Ionescu, the author of Purple Pill, could not be reached for comment.
