Microsoft Alerts of Vulnerability in Macrovision’s Copy Protection Software

Microsoft is warning users that "limited" attacks were targeting systems
running Windows XP and Windows Server 2003, through the exploitation of a
flaw in Macrovision's copy protection software that is packaged with those
operating systems. The vulnerability, however, does not affect Windows
Vista.

The program affected with the flaw is named SafeDisc and the security hole
is named secdrv.sys. In an advisory, Secunia said the flaw is due to an
error in input validation at the time of handling arguments.

The flaw was reported via a company security advisory on November 5, 2007.
According to Microsoft, its team is developing a patch and planning to
release it through the company's 'Patch Tuesday' update.

Microsoft said, to launch the attack, a hacker needs access to the local
system to manipulate the vulnerability through escalated privileges.

Meanwhile, Macrovision has already released one patch for the flaw.

This year in the middle of October, Symantec discussed the security hole in
its Security Response Weblog, but did not disclose too many details that
would have benefited miscreants.

The attack, if launched successfully, leads to escalated privileges that
could enable the attacker to completely take over the user's computer; but
successful exploits don't come easily compared to those with the normal
"critical" bug. Secunia, researching company on computer security, has
rated this hole as "less critical", the second lowest ranking of its
five-stage severity rating rule.

Researcher Elia Florio of Symantec Security Response said on November 7,
2007 that corporate networks are more vulnerable to the attack than home
users. SCMagazine reported this on November 7, 2007.

Florio said that the exploit can only work locally meaning the attacker
must log onto the PC using a login account. This, therefore, lessens the
risks for users of home PCs, because they generally have only one account.
In comparison to that, corporate networks, which have multiple users with
different login accounts, experience a more complicated situation.

However, it is possible that in a computer with multilayered defense, a
malware planted on it via a different exploit could manipulate the
secdrv.sys flaw and take further control over the system while bypassing
security defenses.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 11/22/2007