[ insider_reports_insider ]
Microsoft Vexed By Macrovision Zero-Day
David Utter
Staff Writer
2007-11-06
 Insider Reports RSS Feed
A critical flaw in the secdrv.sys driver affects some versions of Windows, but Macrovision has a fix available.
 | | Microsoft Vexed By Macrovision Zero-Day |  |
Microsoft has been hit with a zero-day release of information regarding the driver in question. It is vulnerable to exploitation that could lead to privilege elevation on a targeted machine.
"Microsoft is concerned that this new report of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP was publicly disclosed, potentially putting computer users at risk," the company said of the news.
Software vendors prefer having such vulnerabilities reported privately, where they can be fixed hopefully before someone else stumbles upon the same flaw, and creates an exploit.
Security researchers have been frustrated in the past when vendors seemed to ignore critical problems in their software. The openness of the Internet and thriving competition in the industry pressured companies with such policies to change their ways.
Microsoft has been a company that regularly caused some of those frustrations. They have improved over the years, necessitated by attackers moving faster to exploit discovered flaws.
Users of Windows XP and Windows Server 2003 can obtain a fix from Macrovision. The problem has been described as incorrectly handling configuration parameters. Though this driver also exists on Windows Vista, that new OS is not affected by the vulnerability.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
