AMD Drivers Prevent Microsoft's Security Feature
AMD's video drivers prevent Microsoft's Exploit Mitigation Experience Toolkit (EMET) from operating correctly, potentially leaving systems valnuarable to attacks, US Computer Emergency Readiness Team (US-CERT) said today.
Acording to CERT's report, AMD's drivers are not fully compatible with a vulnerability mitigation feature called Address Space Layout Randomization (ASLR). ASLR serves to make it harder for software vulnerabilities to be exploited by randomizing certain program structures in memory, so that the addresses of these structures cannot reliably be predicted and attacked.
ASLR was introduced first in Windows Vista as a per-program feature that is only enabled with applications that are flagged as being compatible. However, specific requiring higher security can use the Enhanced Mitigation Experience Toolkit (EMET) to enable ASLR across the system, which activates ASLR for all programs. According to US-CERT, AMD's video drivers are not ASLR compatible. Turning on ASLR will cause AMD's drivers to crash (BSOD), making always-on ASLR unusable on systems using AMD's drivers.
"The interesting impact of this incompatibility is that Microsoft Windows systems that have an AMD or an ATI video chip cannot be secured as well as systems with video chips that have ASLR-compatible drivers," CERT said in a blog post. "In other words, environments that require the utmost security against attacks should avoid AMD/ATI video cards until the drivers support system-wide ASLR."
AMD said that the non-default settings used to produce the system crash at start-up as reported by CERT require changing a System Registry key for the tool, which was not documented until the CERT report was published, and is not accessible through the EMET tool itself.
Users of AMD graphics products will face the problem outlined by the CERT report if their EMET settings are modified, and will otherwise not experience the issue in question, according to AMD. The company will also release a driver designed to ensure that a crash does not take place under the conditions outlined by CERT.
ASLR was introduced first in Windows Vista as a per-program feature that is only enabled with applications that are flagged as being compatible. However, specific requiring higher security can use the Enhanced Mitigation Experience Toolkit (EMET) to enable ASLR across the system, which activates ASLR for all programs. According to US-CERT, AMD's video drivers are not ASLR compatible. Turning on ASLR will cause AMD's drivers to crash (BSOD), making always-on ASLR unusable on systems using AMD's drivers.
"The interesting impact of this incompatibility is that Microsoft Windows systems that have an AMD or an ATI video chip cannot be secured as well as systems with video chips that have ASLR-compatible drivers," CERT said in a blog post. "In other words, environments that require the utmost security against attacks should avoid AMD/ATI video cards until the drivers support system-wide ASLR."
AMD said that the non-default settings used to produce the system crash at start-up as reported by CERT require changing a System Registry key for the tool, which was not documented until the CERT report was published, and is not accessible through the EMET tool itself.
Users of AMD graphics products will face the problem outlined by the CERT report if their EMET settings are modified, and will otherwise not experience the issue in question, according to AMD. The company will also release a driver designed to ensure that a crash does not take place under the conditions outlined by CERT.
