Macrovision zero day attack targets Windows Users

Windows 2003 and Windows XP users have been warned to be on alert as Microsoft and Macrovision work together to close a vulnerability on those two operating systems.

The problem comes from a weakness in a Macrovision driver which ironically is used to prevent people from pirating copy-protected content.

The defect was identified by Symantec and FrSRT and Core Impact back on the 19th of October and has been classified as a moderate risk.

According to FrSRT (French Security Incident Response Team), "This issue is caused by a memory corruption error in the Macrovision Security Driver (secdrv.sys) when processing user-supplied data, which could be exploited by local unprivileged attackers to gain Ring0 privileges and take complete control of an affected system."

Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory.

Although Macrovision has released an update for that particular driver, Microsoft's security update will provide a security update through their monthly release process.

This vulnerability does not affect Windows Vista and already there are reports of limited attacks that try to use the reported vulnerability.

Microsoft has also expressed its concern that this new report of a vulnerability in the Macrovision secdrv.sys driver might have attracted unwanted attraction, as its public disclosure might, according to the firm, "potentially put computer users at risk".