Microsoft Promises to Lock Down the Windows Core

No matter how bulletproofed will Microsoft manage to get the Windows operating system, there will always be an alternative avenue for attacks. And while targeting the Windows core, one of the preferred methods for attackers is to piggyback ride on faulty and vulnerable third-party drivers, in this manner gaining kernel level access. This is of course the case of a Macrovision secdrv.sys driver that ships by default with Windows XP and Windows Server 2003. At the beginning of November, Microsoft stated that it was concerned for the risk delivered to end users by the fact that information related to the vulnerability had been made available in the wild.

"As your probably also aware we recently released Security Advisory 944653 regarding a vulnerability in secdrv.sys, a SafeDisc driver, which is made by Macrovision and shipped in certain versions of Microsoft Windows. Macrovision has also released an Advisory and posted a manual patch to update the system driver, secdrv.sys, on Window XP and Windows Server 2003 systems, which is available here," revealed Simon Conant, Security Program Manager with the MSRC.

Macrovision did in fact release a security patch designed to address the issue, but Microsoft also answered questions from the security community related to the integration of the patch with Windows Updates. In this sense, the Redmond company confirmed that it is working to test drive the patch in order to include it among the updates release as a part of its monthly security patch cycle.

"It's important to note that Microsoft Windows Vista is not affected by this vulnerability. As the vulnerable driver is included with Windows XP and Windows Server 2003 we wanted to make sure you knew that we are working with Macrovision to test the Macrovision update for deployment using Microsoft's security update process. Once the update has gone through the Microsoft security update testing process, completed deployment testing and is ready for release, Microsoft will release it to customers as part of the Microsoft security update process", Conant added.