Microsoft Monday said it would patch a vulnerability in third-party anti-piracy software bundled with Windows after it acknowledged that hackers are already exploiting the bug.
According to the researcher who first reported the flaw, Microsoft has known of the vulnerability for at least three weeks.
In a security advisory issued late Monday, Microsoft said it would issue a fix for a vulnerability in an older edition of "secdrv.sys" -- a file also also known as Macrovision Security Driver -- that's part of the SafeDisc copy-protection scheme that Macrovision licenses to game publishers.
"The driver, secdrv.sys, is a dispatch driver developed by Macrovision and shipped on supported editions of Windows Server 2003, Windows XP, and Windows Vista," Microsoft said in the advisory. "This vulnerability does not affect Windows Vista."
Computerworld confirmed that secdrv.sys is present on stock installations of both Windows XP and Vista, but that the file creation dates -- February 28, 2006 and November 1, 2006, respectively -- differ, with the newer version included in Vista.
Microsoft also said that attacks were in progress. "We are aware of limited attacks that try to use the reported vulnerability," the advisory continued. "Microsoft will take the appropriate action [which] will include providing a security update through our monthly release process." Until then, Windows XP and Server 2003 users can download a more recent version of the driver -- marked with a creation date of September 13, 2006 -- from Macrovision's Web site.
The bug first surfaced three weeks ago, when Symantec researcher Elia Florio said an undocumented vulnerability in fully-patched XP and Server 2003 machines, was being exploited in the wild. Although he did not disclose the flaw, Florio's write-up gave several hints about the flawed file. He also reported that when notified, Microsoft said it was already aware of the problem.
"At the moment, it's still not clear how the driver is used by Windows because this file does not have the typical Microsoft file properties present in other Windows system files," Florio wrote in a posting to the Symantec security blog on October 16.
Within 24 hours, other researchers, using Florio's clues, had focused on secdrv.sys, found the vulnerability, and posted proof-of-concept code. "Despite there is no patch available, at the momment [sic], we are disclosing this information since an exploit has been caught in the wild so we see no reason to hide information that can be useful for administrators and researchers," said someone identified only as RubA©n on the Bugtraq security mailing list October 17. [A corrected version of the Bugtraq message was posted the next day, October 18 -- Ed.]
Florio classified the vulnerability as a local privilege elevation bug -- meaning that an attacker would need local or authorized access to the PC before successfully running an exploit -- but some researchers cautioned that it was dangerous nonetheless. An advisory posted by eEye Digital Security, for instance, said it could be paired with another attack. "The most common exploit scenario would be to couple an exploit for this vulnerability with a user-based exploit (file-format, client-side)," said the eEye alert. "This allows the attacker to launch a remote attack (web-page, email) to execute code that would then launch this attack."
eEye rated the vulnerability as "medium," and warned that attacks might become widespread.
It was not known late Monday why Microsoft bundles the Macrovision driver with Windows. The company was not available for comment, and its security advisory was mum on the subject.
Macrovision pitches its SafeDisc digital rights management (DRM) software to PC game publishers, and touts such characteristics as Automatic Asymmetric Code Blending as part of the package. "Without using a developer's time or resources, automatically intertwine as many as hundreds of Secure Data Types (SDTs) with game code, making it extremely difficult for hackers to remove the security components without essentially crashing the game," Macrovision says on its Web site.
Microsoft did not specify a timetable for patching the Macrovision driver -- or simply pushing the newer version to Windows XP and Server 2003 users -- but its next regularly-scheduled security update is next Tuesday, November 13.
- +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Email Archiving Implementation: Five Costly Mistakes to Avoid
Taking On Demand CRM Integration to the Next Level
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Solve Exchange Mailbox Storage Issues Once and for All
Cutting printer costs
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Email Archiving 101—Customer Case Study
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Mitel Launches Simpler Unified Communications 2008-11-19 17:40:00+11
Symantec Security Products Shine in In-Depth Protection Reviews 2008-11-19 13:01:00+11
Digital Sense opens first stage of the world’s largest data centre complex in Brisbane 2008-11-19 13:00:00+11
RightNow Technologies Delivers RightNow November ’08 Plus New On Demand Enterprise Contact Centre Package 2008-11-19 12:00:00+11
Valorem uniquely deploys RSA SecurID for remote workforce management 2008-11-19 10:16:00+11
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
Buying Guides
Latest Products
