Skip to main content

Macrovision zero day attack targets Windows Users

Windows 2003 and Windows XP users have been warned to be on alert as Microsoft and Macrovision work together to close a vulnerability on those two operating systems.

The problem comes from a weakness in a Macrovision driver which ironically is used to prevent people from pirating copy-protected content.

The defect was identified by Symantec and FrSRT and Core Impact back on the 19th of October and has been classified as a moderate risk.

According to FrSRT (French Security Incident Response Team), "This issue is caused by a memory corruption error in the Macrovision Security Driver (secdrv.sys) when processing user-supplied data, which could be exploited by local unprivileged attackers to gain Ring0 privileges and take complete control of an affected system."

Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory.

Although Macrovision has released an update for that particular driver, Microsoft's security update will provide a security update through their monthly release process.

This vulnerability does not affect Windows Vista and already there are reports of limited attacks that try to use the reported vulnerability.

Microsoft has also expressed its concern that this new report of a vulnerability in the Macrovision secdrv.sys driver might have attracted unwanted attraction, as its public disclosure might, according to the firm, "potentially put computer users at risk".

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.