Macrovision update plugs zero-day DRM exploit | The Register

Skip to content

Security:

Find It

Track It

Buy It

Top Stories

Read more top stories

Related Whitepapers

SSL in High-Security Browsers
The Browser Security Revolution
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
The Strategic Role of IT Culture in Business Performance
The Register Desktop Support Seminar
Webcast : Why Today's Spam Filters Fail
Watch on-line now
The Register Guides : The status of iSCSI
A Primer on Internet SCSI, a protocol to transport SCSI commands over IP
The Register's Virtualization Study Results
Tony Lock on the findings of The Register's Virtualization Study

The Register » Security » InfoSec »

Macrovision update plugs zero-day DRM exploit

The one that got away

By John Leyden → More by this author

Published Tuesday 6th November 2007 12:55 GMT

How IT Management Can "Green" the Data Center - Free Download

Macrovision has published a patch defending against a security vulnerability in its SafeDisc copy protection software that has become the target of a hacker attack.

The Macrovision update comes 20 days after the security vulnerability was discussed in non-specific terms on Symantec's Security Response Weblog. The flaw, though Symantec wasn't specific on this, involves a privilege elevation bug in Macrovision secdrv.sys driver that comes bundled with Windows XP and 2003 (though not Windows Vista).

Although the bug is relatively mild (a glass of beer, perhaps, compared to the Pan Galactic Gargle Blaster effects of the likes of other Windows flaws), it still captured the imagination of hackers, probably because it involved DRM software. Exploit code leaked onto the net leading to "limited attacks" since, Microsoft said on Monday.

The publication of a security advisory by Microsoft coincided with the release of an update from Macrovision. Windows XP and Windows Server 2003 users are advised to apply the Macrovision update, which is due to be rolled out automatically as part of the next Patch Tuesday update on 13 November. ®

Fixed to Fluid: Enabling Data Center Metamorphosis - Free download

2 comments posted — Comment period finished

Sod the DRM Angle...

Posted: 13:14 6th November 2007

Priv Elevation "Relatively Mild?!" Compared to what?

Posted: 17:00 6th November 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Three critical fixes star in Patch Tuesday update (12 December 2007)
Microsoft readies seven patches for Tuesday (6 December 2007)
Microsoft on the hunt for 'serious' Windows flaw (26 November 2007)
Windows update offers defence against shell bug (14 November 2007)
Apple patches critical iTunes bug (7 September 2007)
Zero-day security flaw leaves Firefox wide open (25 July 2007)
Sony BMG sues DRM developer (16 July 2007)
Microsoft zero-days said to target Office and Windows (11 April 2007)
The rise of zero-day patches (2 March 2007)
Hackers target unpatched Office flaw (5 February 2007)
DRM maker denies plans to shatter iPod users' eardrums (9 November 2005)
Macrovision to tout lock-down DVD tech (15 February 2005)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Webcast : Why Today's Spam Filters Fail

This webcast covers the cost of spam, how we filter spam today; why it's not good enough, and the advantages of Abaca's new ReceiverNet technology..

whitepaper title

The Register Guides : The status of iSCSI

Now that the hype's abated, have companies backing iSCSI have run out of energy and patience, or is the technology becoming commonplace and accepted?.

Whitepapers
Java and J2EE performance Safe Passage - Accelerated Data Migration Order Management High Technology Manufacturers Journey to Best in Class Performance

Latest InfoSec News

More Security News

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search