
Microsoft investigates Macrovision flaw

Bill Brenner

Microsoft is working with Macrovision to fix a zero-day Windows flaw attackers have actively exploited in recent weeks to hijack targeted machines.

Microsoft said late Monday that the flaw affects the Macrovision SafeDisc (secdrv.sys) copy protection software embedded in Windows Server 2003 and Windows XP.

In Security Advisory 944653, Microsoft said it is aware of "limited attacks" exploiting the flaw and that it's "actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

The flaw has been public knowledge for nearly three weeks. On Oct. 19 the French Security Incident Response Team (FrSIRT) released advisory 3537 describing a memory corruption error in secdrv.sys that surfaces when the program tries to process user-supplied data. Attackers could exploit the flaw to gain elevated user privileges and "take complete control of an affected system," FrSIRT said.

On Oct. 16, Elia Florio of the Symantec Security Response Center blogged about privilege escalation exploits she had observed in the wild, and noted that Microsoft had been notified of the threat.

In its advisory, Microsoft noted that users can install a Macrovision update addressing the flaw in supported editions of Windows Server 2003 and Windows XP. However, Microsoft also plans to address the flaw in an upcoming security update.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers … This will include providing a security update through our monthly release process," Microsoft said.

