Microsoft confirms flaws in Macrovision driver
Microsoft has published a security advisory concerning Macrovision's vulnerable secdrv.sys driver included in Windows XP and Server 2003. The advisory confirms that it is possible for registered users to escalate their restricted privileges. To do so, they need only run the driver with manipulated parameters in order to write arbitrary code into memory and launch it with system rights. The flaw does not affect Vista.
Microsoft has also confirmed that the vulnerability is already being actively exploited on server systems, though the firm says the number of attacks is still low. The driver is part of Macrovision's SafeDisc copy protection solution. Macrovision has already released a patch for the driver to remedy the problem. According to its security advisory, Microsoft will be distributing the patch via the Automatic Update function as part of an upcoming Patch Tuesday.
- Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege, Microsoft security advisory
- Updating the Macrovision SECDRV.SYS Driver, Macrovision patch description