Vista blocks kernel rootkit attack

TechWeb | by Mike

Noted security analyst Joanna Rutkowska, who this summer demonstrated attack tactics that would get around Windows Vista's new anti-rootkit protection, said Thursday that the newest build of the OS blocks that exploit route.

In the 64-bit version of Windows Vista, all kernel-mode drivers must be digitally signed, a change from earlier versions of Windows, which encouraged signed drivers but didn't require them. This summer, Rutkowska, who works for Singapore-based security company COSEINC, showed off an attack that allowed unsigned drivers to access Vista's kernel, a technique that, if used by hackers, would let them drop a rootkit into the new operating system.