NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0336 Flawed Anti-piracy Software Puts Windows Users At Risk:
Flawed Antipiracy software now being exploited by attackers has been bundled with Windows
for the last six years to protect game publishers, according to an online press report citing
Macrovision Corporation. The "secdrv.sys" driver has shipped with all versions of Win/XP,
Windows Server 2003, and Windows VISTA "to increase compatibility and playability" of games
whose publishers license Macrovision's SafeDisc copy-protection offering, according to a
Macrovision spkeswoman. Without the driver, games with SafeDisc protection would be unplayable
on Windows. The driver validates the authenticity of games that are protected with SafeDisc
and prohibits unauthorized copies of such games to play on Windows. The privilege elevation
bug in the driver first surfaced more than three weeks ago, when a Symantec researcher spotted
the vulnerability being actively exploited. The presence of the file, dubbed Macrovision
Security Driver, is enough to open Windows XP and Server 2003 machines to attack; users do
not have to play a SafeDisc-protected game to be vulnerable. Users can remove the vulnerable
driver - it is typically found in the "%System%\drivers" folder - or update it with a more
recent, and apparently safe, version by downloading it from the Macrovision site.
(ComputerWorld.com 07NOV07)