Vulnerability in Macrovision SECDRV.SYS Driver
Author: Dave Lewis
Microsoft has a new security advisory posted on their site for a vulnerability in the SECDRV.SYS driver. This problem could potentially lead to a privilege escalation on Windows.
From Security Advisory 944653:
Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process.
The Redmond folks were a tad perturbed that this was made public before they could tackle it. Somehow I don’t think the folks that let this one out of the bag were big on responsible disclosure.
Tags: Macrovision, SECDRV.SYS, Privilege Escalation
