Buggy game DRM puts Windows users at risk

Everyone running Windows XP or Server 2003 is vulnerable, not just gamers

Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision said Wednesday.

The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista "to increase compatibility and playability" of games whose publishers license Macrovision's SafeDisc copy-protection offering, Macrovision spokeswoman Linda Quach said in an e-mail. "Without the driver, games with SafeDisc protection would be unable to play on Windows," said Quach.

"The driver validates the authenticity of games that are protected with SafeDisc and prohibits unauthorized copies of such games to play on Windows," she added.

The privilege elevation bug in the driver first surfaced more than three weeks ago, when Symantec researcher Elia Florio spotted the vulnerability being actively exploited. The presence of the file -- dubbed Macrovision Security Driver -- is enough to open Windows XP and Server 2003 machines to attack; users do not have to play a SafeDisc-protected game to be vulnerable.

Microsoft is working on an update, but it refused to commit to delivering an update for secdrv.sys by next Tuesday, its next scheduled patch delivery day. "Microsoft will provide a security update through its regularly scheduled monthly release process once that update is ready and has been fully tested," a Microsoft spokesman said in an e-mail.

Users can remove the vulnerable driver -- it's typically found in the "%System%\drivers" folder -- or update it with a more recent, and apparently safe, version by downloading it from the Macrovision site. "[But] if removed, Macrovision SafeDisc games will not run properly," the Microsoft spokesman cautioned.

Secdrv.sys is included with Windows Vista, but Microsoft's newest operating system is safe from attack, said Quach. "Microsoft and Macrovision worked together during the development of Windows Vista RTM [release to manufacturing] to review the security of the Vista version of the driver," she said. " Thanks to this security review, this vulnerability is not present in Windows Vista." Microsoft went a step further and credited its Security Development Lifecycle (SDL) approach for beefing up the driver.

The version Macrovision offers XP and Server 2003 users as an update is identical to the one built for Windows Vista, Quach said.

As for the three-week stretch between first disclosure of the Macrovision bug and Microsoft's advisory, Microsoft's spokesman denied the company had dragged its feet. "Macrovision and Microsoft immediately began investigating the vulnerability when proof-of-concept code was publicly posted Oct. 17," said the spokesman. The investigation wasn't the only thing that was a Microsoft-Macrovision joint effort: many of the responses the two companies gave to similar questions were word-for-word matches.

In a follow-up posting to the Symantec security blog, Elia Florio, the researcher who first disclosed that an exploit was on the loose said that home users are actually less at risk than business users -- an unusual turn-about. "The attacker has to be logged on to the computer with an account [which] mitigates risks for home users who often work with one account on their computers," he said. "The situation is more complicated for corporate networks, where multiple users with different privileges can log on to different computers."

Even so, everyone should apply Microsoft's fix or update the driver, Florio said. "Malware dropped on the system via some other exploit, [such as] a browser vulnerability or the recent PDF exploit, could potentially take advantage of the bug to take further control of the computer and bypass other layers of protection."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Brand Post

Bitdefender 2018

Secure and Save before time runs out with Bitdefender Exclusive Clearance Offer! Get Bitdefender Total Security 2018 Now!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?