Wednesday, November 7, 2007

Microsoft to patch software driver vulnerability

InfoWorld 6/11/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - Microsoft has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.

The problem lies with a driver called secdrv.sys, which is part Macrovision's SafeDisc software included with Windows Server 2003 and Windows XP. The software, which can block unauthorized copying of some media, also ships with Windows Vista, but that OS is not affected.

Microsoft said it knows of "limited attacks" that try to use the vulnerability, in an attack known as an elevation of privilege. The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.

Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.

Macrovision has issued an update for the driver. Microsoft said it also plans to issue a fix as part of its monthly patch cycle.

Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known.The company rated the vulnerability as "less critical," it's second lowest risk ranking for a vulnerability.

Posted by My-Antivirus at 7:50 PM

3 comments:

tinageorge said...

Enjoy surfing the internet for hours at a time.
If you’re anything like me then you enjoy surfing the internet for hours at a time. There is so much information available I just seem to get wrapped up in it all. Of course, this means picking up bugs that can literally ruin my computer and cause it to run too slow. To take care of my PC I’ve been searching for a good scan to keep it bug free. I tried many different ones but I like Search-and-destroy Antispyware the best. With the antispyware solution from Search-and-destroy (http://www.Search-and-destroy.com) I get one of the best scans I’ve ever used at a great low price. This is exactly what I’ve been searching for.

May 1, 2009 7:08 PM
Pc-Safe.Net/ said...

This is an excellent review.I would love to read more about this topic.
http://www.pc-safe.net/

February 23, 2012 9:36 PM
Pcasalvo said...

one of the best post i saw here. Keep it going! Thank you.
http://www.pcasalvo.com/

April 27, 2012 7:29 PM

Post a Comment

Subscribe to: Post Comments (Atom)