Microsoft warns of Macrovision DRM flaw

By

Microsoft warned users on Monday of attacks targeting a flaw in Macrovision's digital rights management software.

Microsoft warns of Macrovision DRM flaw
The Redmond, Wash.-based corporation released an advisory on Monday regarding the vulnerability, warning of limited attacks exploiting the flaw, which exists in Macrovision's secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP operating systems. The flaw does not affect Windows Vista.

The vulnerability is caused by an input validation error when handling arguments, according to an advisory from Secunia.

An attacker must have local system access to exploit the flaw with a privilege-escalation attack, according to Microsoft.

Macrovision also advised end-users to update their PCs to patch the flaw, which was exposed as a zero day.

Symantec Security Response researcher Elia Florio said today on a company blog that the flaw poses a much greater risk for corporate networks than for home users.

“It is a local exploit only, so the attacker has to be logged on to the computer with an account. This fact mitigates risks for home users who often work with one account on their computers. The situation is much more complicated for corporate networks, where multiple users with different privileges can log on to different computers,” said Florio.

“However, all users should keep in mind that in a multilayered defense perspective it is possible that malware dropped on the system via some other exploit could potentially take advantage of the [secdrv.sys] bug to take further control of the computer and bypass other layers of protection.”

Florio found an exploit for the flaw on Oct. 16.

US-CERT today advised users to review Microsoft's advisory and apply Macrovision's patch.

SANS Internet Storm Center handler Maarten Van Horenbeeck said today on the organisation's diary that the flaw could be exploited through other applications.

“This is a local attack that allows privilege escalation to Ring 0. However, this means it can be abused by those who are able to introduce and execute code on the system,” said Van Horenbeeck.

“Depending on the situation, this could go beyond shared environments as it could be delivered to a system using a variety of other attack vectors (browser exploits, emails, file format exploits).”

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
drmflawmacrovisionmicrosoftmicrosoft securitysecurity

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?