News Stay informed about the latest enterprise technology news and product updates.

Microsoft investigates Macrovision flaw

Attackers could hijack Windows machines by exploiting a flaw in the Macrovision security driver. Microsoft said it is working with Macrovision to fix the problem.

Microsoft is working with Macrovision to fix a zero-day Windows flaw attackers have actively exploited in recent...

weeks to hijack targeted machines.

Microsoft said late Monday that the flaw affects the Macrovision SafeDisc (secdrv.sys) copy protection software embedded in Windows Server 2003 and Windows XP. In Security Advisory 944653, Microsoft said it is aware of "limited attacks" exploiting the flaw and that it's "actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

The flaw has been public knowledge for nearly three weeks. On Oct. 19 the French Security Incident Response Team (FrSIRT) released advisory 3537 describing a memory corruption error in secdrv.sys that surfaces when the program tries to process user-supplied data. Attackers could exploit the flaw to gain elevated user privileges and "take complete control of an affected system," FrSIRT said.

On Oct. 16, Elia Florio of the Symantec Security Response Center blogged about privilege escalation exploits she had observed in the wild, and noted that Microsoft had been notified of the threat.

In its advisory, Microsoft noted that users can install a Macrovision update addressing the flaw in supported editions of Windows Server 2003 and Windows XP. However, Microsoft also plans to address the flaw in an upcoming security update.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers … This will include providing a security update through our monthly release process," Microsoft said.

Dig Deeper on Emerging cyberattacks and threats

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.