Organisations running high security environments are being advised to avoid AMD or ATI video cards which could trigger a ‘blue screen of death’ (BSOD) freeze due to a failure to implement important anti-exploitation technologies.
The problem with AMD and ATI’s video cards, according to researchers at Carnegie Mellon’s CERT.org, is that their drivers do not support Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP).
ASLR and DEP help mitigate memory exploitation attacks and are technologies Microsoft enabled in versions of Windows after XP and Server 2003.
Software that does not enable ASLR and DEP by default is not uncommon, Rapid7 researcher Marcus Carey told CSO.com.au. “There is an industry wide failure to run ASLR. Microsoft, of course, uses it for most of their products, but third parties have been sluggish with adoption and implementation,” he said.
CERT.org acknowledged this, but noted that high security environments would use Microsoft’s Exploit Mitigation Experience Toolkit (EMET) to force software that hasn’t enabled DEP and ASLR to do so.
Because these are drivers, as opposed to other software such as a browser, they fall into the class of software that could trigger a BSOD event.
“If ASLR is enabled system-wide on a system that has AMD or ATI video drivers installed, then the machine may fail to boot properly, resulting in a "BSOD" crash.”
The net result for organisations that place a high value on security is that Windows systems with an AMD or ATI video chip are less secure than machines with chips that have ASLR-compatible drivers, according to CERT.org.
“In other words, environments that require the utmost security against attacks should avoid AMD/ATI video cards until the drivers support system-wide ASLR,” it said.
The potential BSOD may be unwanted, but Carey said a non-ASLR enabled driver is probably a lower risk than an inadequately secured web browser.
“Something that actually touches the Internet is more serious to me because exploiting local things are much harder.”
Even so, there’s no reason why AMD, ATI and the roughly 65 per cent of applications that fail to fully implement ASLR should not be enabling the security feature.
“ASLR isn't really difficult to implement, some developers aren't aware of using the tools that Microsoft provides them to write secure code and applications,” said Carey.
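An added example, not from the article or from CERT.org: a Python check of whether a Windows binary opts in to ASLR and DEP, read from the DllCharacteristics field of its PE optional header. The function names are illustrative and the sample images are constructed header-only stubs; the opt-in bits show how the vendor linked the file, not whether a driver survives ASLR being forced system-wide.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040  # image opts in to ASLR (linked with /DYNAMICBASE)
NX_COMPAT = 0x0100     # image opts in to DEP (linked with /NXCOMPAT)


def mitigation_flags(image: bytes) -> dict:
    """Read the ASLR/DEP opt-in bits from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if opt + 72 > len(image):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32, PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return {"aslr": bool(chars & DYNAMIC_BASE), "dep": bool(chars & NX_COMPAT)}


def build_sample(dll_characteristics: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only image for the demo; not a real driver."""
    opt_size = 240 if pe32_plus else 224
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x8664 if pe32_plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + coff + bytes(opt)


def missing_opt_in(images: dict) -> list:
    """Names of images that lack the ASLR or DEP opt-in bit."""
    return sorted(n for n, b in images.items()
                  if not all(mitigation_flags(b).values()))


if __name__ == "__main__":
    # Pass one or more .sys, .dll or .exe paths on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, mitigation_flags(fh.read()))
```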