Windows Security : Windows Users At Risk of Hacker Takeover
Posted by Max on 2007/11/7 9:54:55 (469 reads)

A recent Microsoft special security advisory warns of the serious threat posed by a newly discovered flaw in a driver on Windows Server 2003 and Windows XP. According to the announcement, this flaw, which is being investigated with Macrovision, would enable a total system takeover.

It seems that the flaw lies in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. The product exposed to risk is Macrovision SafeDisc, a copy-protection program designed for Windows.

According to the same source, Vista remains unaffected.
A report issued on Oct. 19 by FrSIRT describes the problem as a memory corruption flaw in the Macrovision Security Driver when processing user-supplied data. This weak point allows potential attackers to gain so-called Ring 0 privileges and access to the entire system. Ring 0 is the top level in the hierarchy of protection privilege levels, with direct influence on physical hardware, including both CPU and memory.

A successful attack would still require local, interactive access to a computer running the affected program. Gaining further control would then depend on the attacker creating malicious code intended to carry out his or her actions within the compromised driver.

Symantec gives the vulnerability a scary 10 rating; however, considering that this zero-day has to be set off by a local user, the security company has estimated a 6.5 severity rate and a 6.6 urgency rate. The same company recommends lowering the risk by modifying default ACL settings, so that all applications have file system ACL permissions set in conformity with the security policy, and by ensuring that users are very careful and responsible about giving unauthorized users access to vital files or paths.



