Macrovision vulnerability for XP & Server 2003

[Dave M]

There's a new publicly announced vulnerability having to due with
Macrovision's SECDRV.SYS, and elevation of privilege. Some limited attacks
are being reported. A patch will be distributed as part of the monthly
security update cycle, but one (from Macrovision?) is available now. The
problem is, I can't tell from reading any of this if it would be a good
idea to install the patch now before the monthly updates or wait...
thoughts anyone?
http://www.microsoft.com/technet/security/advisory/944653.mspx

 

[Guest]

Dave,

My reading is Wait, unless someone has physical access to your machine that
might try to use the vulnerability, or we hear of attack vectors being
exploited thru other methods.

?
Tim

 

[Bill Sanderson]

If you feel that a local elevation of privilege--i.e. a limited user able to
log on locally to your machine, becoming an administrator--then I'd apply
Macrovision's patch. Microsoft recommends this. Otherwise, I'd wait. I
don't know how much testing Microsoft has to do to turn the available
Macrovision driver into a patch, but I suspect it won't take too long.

I've patched two machines using the Macrovision driver--and it was totally
painless--both Server 2003 based.

 

[Randy Knobloch]

There's a new publicly announced vulnerability having to due with Macrovision's
SECDRV.SYS, and elevation of privilege. Some limited attacks are being reported. A
patch will be distributed as part of the monthly security update cycle, but one (from
Macrovision?) is available now. The problem is, I can't tell from reading any of this
if it would be a good idea to install the patch now before the monthly updates or
wait... thoughts anyone?
http://www.microsoft.com/technet/security/advisory/944653.mspx

The patch would be assuming that you have Macrovision installed in some
shape or associated with an app you are currently running.
The Macrovision patch is available here (if needed only) -
http://www.macrovision.com/promolanding/7352.htm

Randy

 

[Dave M]

Thanks everyone for your comments. Now I'm clear on how to proceed. The
confusion was that the patch came from the publisher, not some nebulous
third party and that had me quite confused. Undoubtedly, Msft will only
test and put their stamp on this, I doubt if they would change any code,
but I can wait in any case.

 

[Bill Sanderson]

If you read the wording of the advisory carefully, Microsoft wants you to
understand this distinction: Microsoft does not recommend installing
patches from third-party providers to fix security issues within Windows.

In this case, however, the original driver file is Macrovision's code, as is
the replacement--so, you would be installing a fix for this security issue
from the original vendor--in this case Macrovision, and not a third party.

You've got it right, and this issue is indeed worth highlighting.

--