As part of its "Patch Tuesday" series of security patches earlier this week, Microsoft also quietly issued an update for the x64 (64-bit) versions of Windows Vista that bolsters the security of a controversial feature called Kernel Patch Protection. What's odd about this release is that Microsoft isn't characterizing it as a security patch, though it did take the rare step of pushing it to customers through Automatic Updates.
"The update adds additional checks to Kernel Patch Protection for increased reliability, performance and security," a post at Microsoft's Security Response Center reads. "While this updates adds additional checks to the Kernel Patch Protection system, it does not involve a security vulnerability. Known methods that allow the kernel to be patched on systems where Kernel Patch Protection is enabled require a system to already be compromised by an attacker."
Kernel Patch Protection is a technology implemented only the 64-bit versions of recent Windows versions that prevents unknown software from modifying the Windows kernel at runtime. Microsoft feels that this technology will result in more reliability and stability, but security companies such as Symantec and MacAfee complained that it prevents them from providing the same levels of functionality that they do with 32-bit Windows versions. As a result, Microsoft plans to update this feature in Windows Vista Service Pack 1 (SP1), due in 2008, to allow these companies to more directly access the kernel. It's unclear whether this decision will result in less stable and reliable systems.
Microsoft also noted that it plans to periodically update Kernel Patch Protection in the future, indicating that this was just the first of such updates. The company is responding, no doubt, to a recent wave of software utilities designed to bypass Kernel Patch Protection and other security features that are unique to the 64-bit versions of Vista.