Please wait while the page is being loaded Skip this advertisement >
Friday | 21 November, 2008
ARN

Microsoft to patch software driver vulnerability

Microsoft is warning that a faulty driver used for copy protection could allow a hacker gain higher-level access to a PC.
Jeremy Kirk (IDG News Service) 07 November, 2007 10:22:35

Microsoft has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.

The problem lies with a driver called secdrv.sys, which is part Macrovision's SafeDisc software included with Windows Server 2003 and Windows XP. The software, which can block unauthorized copying of some media, also ships with Windows Vista, but that OS is not affected.

Microsoft said it knows of "limited attacks" that try to use the vulnerability, in an attack known as an elevation of privilege. The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.

Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.

Macrovision has issued an update for the driver. Microsoft said it also plans to issue a fix as part of its monthly patch cycle.

Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known.The company rated the vulnerability as "less critical," it's second lowest risk ranking for a vulnerability.

Related Stories
  • +

    The 2007 security hall of shame 27 December, 2007 07:47:46

    Bad breaches, ghastly gaffes and five people we'd like to forget
    How bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days.
  • +

    Microsoft ends year by patching 11 bugs 13 December, 2007 08:40:19

    Critical fixes for Media Player and Internet Explorer
    Microsoft released seven security bulletins this week that patch 11 vulnerabilities in Windows, Internet Explorer, Windows Media Player and other parts of the operating system. Two of the bugs are currently being exploited by attackers, Microsoft confirmed.
  • +

    Vista SP1 is ready -- or is it? 05 February, 2008 08:08:28

    Crucial service-pack code wraps, but when will users get it? That's the question
    Just a little more than a year after its first crack at Vista, Microsoft Monday announced that Vista 2.0 -- officially Service Pack 1, or SP1 -- has gone final -- just as had been rumored over the weekend. Officially it's gone RTM, which is Microsoft-speak for "release to manufacturing." That's code for done, as in signed off, as in shipped out for duplication and distribution.
  • +

    Microsoft: Flaw could lead to worm attack 09 January, 2008 08:15:12

    Microsoft has patched three Windows bugs, including one that could be exploited by a computer worm attack.
    Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack.
  • +

    Microsoft starts '08 by patching 3 bugs 09 January, 2008 10:38:52

    Slow start for 2008 but plenty more exploits expected
    Microsoft released just two security updates this week that patch three vulnerabilities in Windows, marking the beginning of the bug year with a relatively slow start, said researchers.
Have your say!
ARN Directory | Distributors relevant to this article
Also Technology , Altech Computers , Aquion , ASI Solutions , Cellnet , Compucon Computers , Computergate , EDsys Computers , Express Data , Express Online , Impact Systems Technology , Infortech Distribution , Ingram Micro Australia , LDS International , Leader Computers , Leading Pacific Australia , NewLease , Simms International , Synnex Australia , Topstar Computer International , Unixpac , Westan , XiT Distribution , Xpress I.T.
Additional Resources
ARN Library
white paper Click here for case studies, whitepapers and other useful vendor content
Newsletter Subscription
Sign up for our ARN newsletters!
RSS Feeds
Market Place
Become a Lenovo Legend Now! Join the sales incentive exclusively for Lenovo Business Partners.
Kaspersky Internet Security 2009 released - with virtual keyboard for safe entry of passwords. Try it..
POS POS is the leading value-added distributor of point of sale & point of service technologies in ANZ.
Find out how to win an IPod Touch with ARN.
Power through the disruptions: Uninterruptibility from Eaton!
 
Panel Sessions

  • ARN Panel Sessions: Day 3

    The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?

Play
See all Panel Sessions videos >>
ARN news
Play
See all news >>
Channel Watch
Play
See all Channel Watch videos >>
Business Continuity & Disaster Recovery Zone

When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
Get a job Careerone
ARN Library


Read Material

Microsoft® takes legal action against software pirates

Recently Microsoft took legal action against individuals and resellers for distributing and selling unauthorised Microsoft software.

Sponsored Links