Macrovision update plugs zero-day DRM exploit
PrintThe one that got away
Posted in Software & Security, 6th November 2007 12:55 GMT
Free whitepaper – What Exchange can't do - and Dell can
Macrovision has published a patch defending against a security vulnerability in its SafeDisc copy protection software that has become the target of a hacker attack.
The Macrovision update comes 20 days after the security vulnerability was discussed in non-specific terms on Symantec's Security Response Weblog. The flaw, though Symantec wasn't specific on this, involves a privilege elevation bug in Macrovision secdrv.sys driver that comes bundled with Windows XP and 2003 (though not Windows Vista).
Although the bug is relatively mild (a glass of beer, perhaps, compared to the Pan Galactic Gargle Blaster effects of the likes of other Windows flaws), it still captured the imagination of hackers, probably because it involved DRM software. Exploit code leaked onto the net leading to "limited attacks" since, Microsoft said on Monday.
The publication of a security advisory by Microsoft coincided with the release of an update from Macrovision. Windows XP and Windows Server 2003 users are advised to apply the Macrovision update, which is due to be rolled out automatically as part of the next Patch Tuesday update on 13 November. ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
Straight Talk with Dell: Sending out an SaaS
Seven ways to optimize VMware server virtualization
Automating the Acquisition Process with Enterprise Level CRM
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs