We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,980 News Articles

Microsoft to patch Macrovision driver hole

Vulnerability leaves PCs open to hackers

Microsoft has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.

The problem lies with a driver called secdrv.sys, which is part Macrovision's SafeDisc software included with Windows Server 2003 and Windows XP. The software, which can block unauthorised copying of some media, also ships with Windows Vista, but that OS is not affected.

Microsoft said it knows of "limited attacks" that try to use the vulnerability, in an attack known as an elevation of privilege. The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.

Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.
Macrovision has issued an updatee for the driver. Microsoft said it also plans to issue a fix as part of its monthly patch cycle.

Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known. The company rated the vulnerability as "less critical", its second lowest risk ranking for a vulnerability.


IDG UK Sites

3 of the best portable chargers: a solar power charger, a hand-cranked charger, and how to charge...

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

Thinking robots: The philosophy of artificial intelligence and evolving technology

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks