The Register® — Biting the hand that feeds IT

Feeds

Macrovision update plugs zero-day DRM exploit

The one that got away

By John Leyden, 6th November 2007
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Macrovision has published a patch defending against a security vulnerability in its SafeDisc copy protection software that has become the target of a hacker attack.

The Macrovision update comes 20 days after the security vulnerability was discussed in non-specific terms on Symantec's Security Response Weblog. The flaw, though Symantec wasn't specific on this, involves a privilege elevation bug in Macrovision secdrv.sys driver that comes bundled with Windows XP and 2003 (though not Windows Vista).

Although the bug is relatively mild (a glass of beer, perhaps, compared to the Pan Galactic Gargle Blaster effects of the likes of other Windows flaws), it still captured the imagination of hackers, probably because it involved DRM software. Exploit code leaked onto the net leading to "limited attacks" since, Microsoft said on Monday.

The publication of a security advisory by Microsoft coincided with the release of an update from Macrovision. Windows XP and Windows Server 2003 users are advised to apply the Macrovision update, which is due to be rolled out automatically as part of the next Patch Tuesday update on 13 November. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (2)
Latest Comments
Gordon Fecyk

Priv Elevation "Relatively Mild?!" Compared to what?

I suppose since everyone runs their machines with full Administrator access anyways, that a privilege elevation bug is much lower on the priority list than a bug in some user-level app that the ignorant user's running under said-full-Admin access.

By comparison, I treat privilege elevation bugs as VERY high priority. Well, because no one I consult for runs with full admin BECAUSE of all of the so-called "high priority" bugs out there... and yes, that includes myself.

And Vista isn't vulnerable... guess that's as good a reason as any to upgrade!

0
0
David Austin

Sod the DRM Angle...

More Hitchhiker analogies in stories, please.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
121
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39