SafeDisc flaw opens Windows XP to attacks


— 1:36 PM on November 7, 2007

A flaw in Macrovision's popular PC game copy protection software SafeDisc could allow attackers to gain control of PCs running Windows XP or Windows Server 2003, Microsoft warns. In a security advisory posted on its website, the software giant explains that the problem lies with the SafeDisc secdrv.sys system driver, and it says it is aware of "limited attacks" that attempt to use the vulnerability. Windows Vista users would seem to be in the clear, however—Microsoft reports that its latest operating system isn't affected by the security flaw.

Microsoft recommends that users install an update released by Macrovision to help protect against the vulnerability. The download page for the update explains:

This driver update also addresses new public reports of a vulnerability in the secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. Microsoft is actively monitoring the situation. Upon completion of this review, Microsoft will take the appropriate action to help protect customers. This will include providing a security update through Microsoft’s monthly release process.

Installing the fix involves downloading and extracting a ZIP file containing new secdrv.sys and secdrv.inf files, right-clicking the secdrv.inf file, and clicking "Install."

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.