Microsoft has released a patch Tuesday, for a flaw that involves third-party anti-piracy software bundled with Windows. The flaw was first found by Symantec's Elia Florio three weeks ago, when the vulnerability, which had not been documented, was being exploited on fully-patched Windows XP and Server 2003. The flaw exists in “secdrv.sys” – a file also also known as Macrovision Security Driver – that's part of the SafeDisc copy-protection scheme that Macrovision licenses to game publishers. According to Macrovicion, the point of SafeDisc is enabling game publishers to “Without using a developer's time or resources, automatically intertwine as many as hundreds of Secure Data Types (SDTs) with game code, making it extremely difficult for hackers to remove the security components without essentially crashing the game.”
Microsoft has said that the vulnerability exists only in the older version of “secdrv.sys”, the one that was released on February 28, 2006 and found in Windows XP and Server 2003, as opposed to the November version found in Vista.
Florio has said that the vulnerability is a “local privilege elevation bug”, which essentially means that a hacker would have to gain authorized access to the PC before being able to exploit it, making it only slightly dangerous. It could, however, be paired with another attack: according to eEye, “The most common exploit scenario would be to couple an exploit for this vulnerability with a user-based exploit (file-format, client-side). This allows the attacker to launch a remote attack (web-page, email) to execute code that would then launch this attack.”
Windows users can visit Microsoft's security website to get the updates.