Macrovision plugs DRM software flaw to stop attacks on Microsoft Windows

Macrovision has released a fix for the critical flaw in the secdrv.sys driver that affects Windows XP and Windows Server 2003.

The fix comes 20 days after researchers at Symantec spotted a zero-day attack exploiting this vulnerability.

The flaw involves a privilege elevation in the driver of Macrovision’s SafeDisc software, a copy-protection application written for Windows. The software comes bundled with Windows XP, Windows Server 2003 and Windows Vista. This vulnerability, however, does not affect Vista.

Secunia has rated this vulnerability as “less critical”, its second lowest risk ranking for vulnerability, although a successful attack could lead to a complete takeover of your PC. Exploit code has already surface onto the net leading which resulted to limited attacks.

Microsoft has issued a security advisory for Windows XP and Windows Server 3003 users with recommendation to apply the Macrovision update. However, the company also plans to address the flaw in an upcoming security update.

• Microsoft confirms serious design flaw in Windows including Vista
• Microsoft: IE flaw may give hackers access to files on computer
• Windows Vista and Internet Explorer security flaw exposed
• Microsoft monitoring new Vista vulnerability
• Microsoft will fix DNS vulnerability on Patch Tuesday