Rich Fiscus
6 Nov 2007 11:13
Macrovision has patched a security hole in a driver file used for their SafeDisc CD/DVD copy protection system. According to security experts the software flaw could allow an attacker to completely take over an affected Windows XP or Server 2003 computer. A Microsoft security advisory indicates that Vista is immune to the problem.
Despite the level of access this could give an attacker, it requires the attacker to be at (or at least logged into) the computer. Microsoft says customers have reported "limited attacks."
Symantec reported two weeks ago in a security advisory that an enterprise security testing tool called Core Impact had a functional exploit. You can download a patch to fix the driver file (SecDrv.sys) from Macrovision.
Source: eWeek