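An extremely serious vulnerability has been found in the ATI graphics driver. Attackers can use it to directly attack and compromise the Windows Vista kernel.
Within an hour of the vulnerability being discovered, Purple Pill, a tool developed by Alex Ionescu, had already appeared. It offers an extremely simple way to load drivers that have no digital signature into the driver layer of the newest Windows system (Vista). Modules such as anti-rootkit/anti-DRM can easily be written into the Windows Vista kernel.
In an interview, Ionescu confirmed the existence of his Purple Pill tool, which exploits a vulnerability in ATIdsmxx.sys (version 3.0.502.0), part of the ATI driver. The tool can modify the Windows Vista kernel and turn off the signature-checking mechanism, so a malicious rootkit author can piggyback on ATI's legitimately signed driver to pry open the door to the operating system kernel!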

vista之家 (www.vista123.com) provides the original English text below:
ATI driver flaw exposes Vista kernel to attackers
An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel.
Purple Pill, a utility released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft’s newest operating system.
In an interview, Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — ATIdsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI’s legitimately signed driver to tamper with the Vista kernel. <End>
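Note: As this article went to press, the author had received a further message, roughly to the effect that ATI says this bug originates in Vista (Microsoft) rather than in ATI. Please keep following the 泡泡网 graphics card channel for the latest news as it breaks.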