Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Windows Operating Systems Software Security Entertainment Games

AntiPiracy Macrovision Bug is Actually Six Years Old 177

twitter writes "A recently reported Macrovision bug has actually been around for six years, according to Computerworld. 'Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision Corp. said today. The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista ... users do not have to play a SafeDisc-protected game to be vulnerable.' The article goes on to play down danger and claim that Vista is safe, but ZDNet notes: 'Malware authors are actively exploiting a zero-day privilege escalation vulnerability ... [which] can be exploited overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges. This facilitates the complete compromise of affected computers.'"
This discussion has been archived. No new comments can be posted.

AntiPiracy Macrovision Bug is Actually Six Years Old

Comments Filter:
  • Yay DRM. (Score:5, Funny)

    by RandoX ( 828285 ) on Friday November 09, 2007 @09:25AM (#21294027)
    Can Macrovision be held liable for losses?
    • It's not a bug, it's a feature.
    • It's wrong in so many ways.

      I'm not a big fan of the "oh noes! DRM is the suxors!" crowd, because I'm rational enough to see both sides of the DRM issue: producers want to get paid, consumers want full control over what they've bought. But there are a lot of reasons DRM sucks, besides the wild conspiracy theories and the "porn just wants to be free" arguments that you regularly see on /. This article is an example.

      Letting some (lame) third-party, like Macrovision, put hooks into the OS, and then have no cle
      • by LKM ( 227954 ) on Friday November 09, 2007 @10:27AM (#21294741)

        I'm not a big fan of the "oh noes! DRM is the suxors!" crowd, because I'm rational enough to see both sides of the DRM issue: producers want to get paid

        Here's what you're missing: DRM hurts precisely those people who actually do pay the producers.

        If I buy a DVD in a store, I get the hassle of DRM, and putting it on my iPhone is going to be complicated. If I just download the movie from the Internet, I just open it in QuickTime and export to iPhone. If I buy music in the iTunes Music Store, I can't easily use it on my PC at work, unless I authorize it with my iTunes login, only to forget to de-authorize it if I get a new computer or reinstall the OS. If I just download music, I have none of these issues.

        Now, I do buy DVDs, and I do buy music from the iTunes store, and I do buy a lot of stuff with DRM. But I do not buy these things because they have DRM, but despite of it. DRM is actually an incentive to not give the producers money; without DRM, they'd see a lot more money from me.

      • by Bert64 ( 520050 )
        It is completely unreasonable to have this macrovision driver on every windows system, even those that will never be used to run games.
        Windows 2003 is supposed to be a server OS, and yet it ships with drivers for copy protection schemes in games? How ridiculous is this?

        DRM does not, and is not intended to, stop piracy. DRM is fundamentally flawed due to it's very nature of having to give out the keys in order to play DRM'd media. The major cracking groups have some very skilled people, and any DRM scheme wi
    • The Sony DRM Rootkit case should server as a useful template for litigation so the answer is yes, provided that somebody can actually show damages (i.e. borked computer, identity theft, etc.) based upon a known exploit of the safe disc driver, but once again the lawyers will get 90% of the money with the remaining 10% divided among millions of claimants in the form of $0.20 checks issued to those who will provide their name and address (which will subsequently be sold for marketing purposes). The only conso
  • by holywarrior21c ( 933929 ) on Friday November 09, 2007 @09:42AM (#21294203)
    Upgrade your driver here: http://www.macrovision.com/promolanding/7352.htm [macrovision.com]
    Microsoft Security Advisory(944653)http://www.microsoft.com/technet/security/advisory/944653.mspx [microsoft.com]
  • by 140Mandak262Jamuna ( 970587 ) on Friday November 09, 2007 @09:43AM (#21294213) Journal
    This is complete lunacy. Almost all corporations prohibit their users from playing computer games on their PCs. The fastest safest thing for MSFT would be to tell its customers, "If you are not playing macrovision protected games in your computer, just rename this xxx.dll or yyy.sys file."

    Why was it not disclosed to the corporate customers that a dll or a sys file, that is exclusively used to play games published by a particular vendor is bundled and installed on ALL their computers? What are the priorities here? We have been pained enough by MS-Office suddenly demanding you to pop in the origial CD/DVD-ROM to get a particular module. But they don't want their users to be hassled to fetch the original disc to get a driver used only by a subset of users. How screwed up this set up can be? Why are not the corporate customers demanding a full disclosure of what is being bundled, and why and what can be safely removed from their computers?

    Does the total cost of ownership studies include the cost of keeping up with these security disclosures and applying patches to the holes?

    • How are they shipping this on computers anyway? Isn't Macrovision that crap that makes it impossible to dub VHS tapes without the gain going crazy and looking awful?
      • That is macrovisions most famous defective restricted media system (mainly because it was one of the first defective restricted media systems created) but it is far from thier only one.
    • More to the point, why in the world would this file even be included on Windows Server 2003?
      Not all business prohibit games, but I doubt there are any sysadmins playing games on their server machines.
      • Not all business prohibit games, but I doubt there are any sysadmins playing games on their server machines.

        You severely overestimate the brainpower of a Windows sysadmin.
      • Non Game apps some times use the same copy protection that games use and some M$ apps do use copy protection as well.
      • by Bert64 ( 520050 )
        Windows "server" is a joke anyway, your forced to have a gui, browser, mail client, media player, gaming support libs (directx) etc, which is a complete hassle to remove and often needs to be patched.
        A server should always have the bare minimum software installed, less to go wrong, less to have security problems, less overhead, and you don't have the hassle of patching anything that's not installed.
    • Copy protection != games. Business related software can certainly be protected (cf. Quickbooks)
    • by truthsearch ( 249536 ) on Friday November 09, 2007 @10:48AM (#21295081) Homepage Journal
      There are many files included with Windows that corporate desktops don't require. One of my past employers chose to remove any unnecessary files. Even with a large Microsoft contract, Microsoft refused to disclose the details of every bundled DLL and EXE. So a small team of people deleted each file, one by one, and tested every desktop app in use in the company, until they determined the set of files they didn't need. It's almost silly, but if you're determined Microsoft leaves little choice. (I would have used one of those apps that shows every DLL in memory, but the idea is the same.)

      This of course causes problems later, like when a patch or service pack requires a DLL that it never needed before. Or one of the custom apps adds a new feature and needs an OS file that's not part of any standard desktop in the company.

      Microsoft isn't interested in giving customers exactly what they need. They prefer to generalize the OS to maximize revenue. These are just some of the negative consequences.
      • by Bert64 ( 520050 )
        That's why the large number of Linux distributions, often cited as a problem, is so good. You can customise to your hearts content, and remove what you don't need, or better yet never install it.
        And any half decent package manager will pull in extra dependencies if they start being required.
        All my linux machines are built to spec, only what's required is installed and nothing else.
        • I recommended switching to Linux (or actually performing some research into switching) to a few managers there. Once I got past the usual lip service the end result was "well, we're a Microsoft shop." The conversation always ended there.

          And that's one of the reasons I no longer work there.
    • Someone is lying outright.

      Secdrv.sys is included with Windows Vista, but Microsoft's newest operating system is safe from attack, said Quach. "Microsoft and Macrovision worked together during the development of Windows Vista RTM [release to manufacturing] to review the security of the Vista version of the driver," she said. " Thanks to this security review, this vulnerability is not present in Windows Vista." Microsoft went a step further and credited its Security Development Lifecycle (SDL) approach for b

    • Your forced to have a full install of directx too, including the joystick/gamepad support, directplay (for network gaming) and all the sound/video stuff...
      Why would you need all this on a corporate desktop, let alone a supposed "server".
      None of my unix servers have anything that's not relevant to whatever the server is hosting, the only server i have which has *ANY* gaming or graphics related software on it is a quake server!
  • by VincenzoRomano ( 881055 ) on Friday November 09, 2007 @09:46AM (#21294261) Homepage Journal
    Don't worry, windowers!
    All these problems will loose any meaning with ... Windows 7 [wikipedia.org]

    • by HTH NE1 ( 675604 )

      Don't worry, windowers!
      All these problems will lose any meaning with ... Windows 7
      What's in the box?
  • by dpbsmith ( 263124 ) on Friday November 09, 2007 @09:47AM (#21294263) Homepage
    How can an operating system be considered "secure" if the inclusion of a third-party component makes it insecure? Why does Vista allow Macrovision's component to do whatever it likes?

    Is this a case where Microsoft allowed "signing" to be a substitute for good engineering?

    Even if the act of buying Windows implies that I trust Microsoft, does the act of buying Windows imply that I trust Macrovision?

    When I buy a home computer with Windows on it, do I even know all of the companies that have contributed content that is included on the hard drive at the time of purchase? Do I have a list? Have I agreed to trust them all? Does Vista trust all of them? Could all them them punch holes in Vista's security if the vendors that supplied them don't have engineers as competent as Microsoft's?
    • Could all them them punch holes in Vista's security if the vendors that supplied them don't have engineers as competent as Microsoft's?
      Let's stop asking highly theoretical questions.
    • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Friday November 09, 2007 @10:30AM (#21294787) Homepage

      How can an operating system be considered "secure" if the inclusion of a third-party component makes it insecure?

      This has to do with the software being proprietary, not coming from a third party.

      How can an operating system be considered "secure" if it has proprietary software installed? It can't. Proprietary software security is unverifiable by anyone you can trust and therefore unworthy of being considered secure. Apparently bugs will go unfixed for years because only the proprietor is allowed to fix the bugs. However, the proprietor is unmotivated to fix bugs until the proprietor is pushed (through publicly announced exploits, better competition, and so on). All the while you, the user, are denied complete control over your computer.

      The cure is simple: install nothing but free software [gnu.org] on your computer. Give yourself the freedom to inspect, change, and share the software, hire someone else to do it for you, or leverage the talent of a community of hackers improving free software all the time. This is not about making everyone a programmer, it's about giving people the freedom to control their computers while building a society of cooperation and social solidarity. Proprietary software denies you your software freedom, so deny proprietary software a place on your computer.

      • by LO0G ( 606364 )
        That's cool - fortunately no open source software uses the systrace facility, which has at least one well known vulnerability that affects apps that use the facility [lightbluetouchpaper.org].

        The base comment is the one that's unreasonable (an OS can't be considered secure if it allows 3rd party applications to make it insecure).

        By that standard, no general purpose operating system in use today can be considered "secure".

        If the operating system allows the use of 3rd party code that runs with supervisor privileges, then the 3rd party
      • Re: (Score:3, Insightful)

        "How can an operating system be considered "secure" if it has proprietary software installed? It can't. Proprietary software security is unverifiable by anyone you can trust and therefore unworthy of being considered secure."

        huh, I didn't know that software verification had been perfected such that FLOSS was "verifieable" as "secure".
        The fact is, FLOSS "security is unverifiable by anyone I can trust and therefore unworthy of being considered secure."
        I don't know who is "verifying" the security of FLOSS. Li
        • by Bert64 ( 520050 )
          You don't know and trust anyone capable of auditing code? That's a pity.

          With proprietary software there is only one entity that can verify the code, with open source there are many. There's no guarantee that either of them will, but 50000 chances are better odds than 1 chance.

          As for security updates, this is an unfair comparison. Open source development, including finding and patching of security holes is done in the open, so any security issue becomes known about. Proprietary vendors on the other hand, typ
        • huh, I didn't know that software verification had been perfected such that FLOSS was "verifieable" as "secure".

          You're missing the point.

          If you wanted to verify the security of, say, Red Hat Enterprise Linux 5, you can download the source and start reading. It'll be slow, and may not be practical. But you're free to do it. You can pay someone else that you trust to do the review for you. And while reviewing the entire system probably isn't feasible, you can certainly review subsets that you consider

  • by shadow_slicer ( 607649 ) on Friday November 09, 2007 @09:48AM (#21294281)

    Thanks to this security review, this vulnerability is not present in Windows Vista
    So they fixed it in Vista, but didn't send out a security update for the other systems?
  • you mean... (Score:4, Funny)

    by realkiwi ( 23584 ) on Friday November 09, 2007 @09:50AM (#21294299)
    ... XP has been around for 6 years? And Dell is still offering it?
  • by Rashkae ( 59673 ) on Friday November 09, 2007 @09:53AM (#21294333) Homepage

    FTFA, the bug was fixed in Vista, becasue "Microsoft and Macrovision worked together during the development of Windows Vista RTM [release to manufacturing] to review the security of the Vista version of the driver."

    Hackers only started exploiting this 3 weeks ago, but MS must have known about this for 6 months at least. Macrovision even offers an update for WinXP on their web site based on the same fix, but MS never pushed the update through their security update mechanism, and even now, isn't commiting to it.

    So, to recap for those keeping score at home, you now have to download patches for Windows system files from Macrovision's website! MS bashers have a goldmine to work from here.

    • by jo42 ( 227475 ) on Friday November 09, 2007 @10:22AM (#21294679) Homepage
      The 'fixed' secdrv.sys in SECDRVSYS.zip from Macrovision's web site is dated 2006-09-13.

      So it has been over a year...
    • by Dan East ( 318230 ) on Friday November 09, 2007 @10:23AM (#21294697) Journal
      Hackers only started exploiting this 3 weeks ago ...that we know of. It is likely that on some irc channel a couple of hackers are congratulating themselves on having kept this exploit under wraps for the last half decade.

      Dan East
    • You're jumping to conclusions. We simply don't know all the facts at this point.

      What we do know is that the bug doesn't affect Vista for two reasons. First, some of Vista's new security functionality prevent the privilege elevation regardless of the version of the DLL in question. Second, Microsoft included a newer version of the DLL with Vista, and this version of the DLL doesn't have the potential to attempt the elevation to begin with.

      One possible explanation for this is that Microsoft didn't discovered
      • by Rashkae ( 59673 )

        Actually, I'm basing it on a quote provided in my comment, not to mention that Macrovision *already* has a fix, which someone else here already claims to be over a year old. And we also know that this has been a known "in the wild" exploit for 3 weeks before MS even bothered to release a security announcment, even though the fix already existed.

        Nothing indeed, pfeh. *Fail*

    • by hweimer ( 709734 )
      This is a privilege escalation bug, meaning you need to have access to the machine in the first place. Microsoft usually doesn't care about them (the GDI bug was fixed about six months after the MoKB post) for two reasons: First, most people work with administrator rights anyway, and second, this is only relevant in true multi-user environments, which have never been the top priority for them.
  • by Monty845 ( 739787 ) on Friday November 09, 2007 @10:23AM (#21294689)
    It should be required that any story about a security hole indicate whether user interaction is required for the system to be comprimised... If I have to download/run something then I could care less... only if the vulnerability can be exploited remotely with NO interaction on my part do I care... There are many stories that hype threats were it all boils down to the user running something they shouldn't have.

    How is this vulnerability exploited?
    • Re: (Score:3, Informative)

      by argent ( 18001 )

      During the weekend I found an interesting sample exploiting a possibly new and undocumented vulnerability for Windows XP and 2003. The exploit is a local privilege escalation that allows users with a restricted account to gain a SYSTEM shell with higher privileges. In my tests the exploit seems to work successfully against a fully patched Windows XP-SP2 and also Windows 2003-SP1. At this time, Vista does not seem to be affected by the problem.
      -- Elia Florio [symantec.com]

      Local privilege escalation.

      • by jafiwam ( 310805 )
        Way to not get or refuse to answer the question! Escalation is one small step in the process, the OP was asking about that overall process, not the one step in the .sys file.

        Local privilege escalation an be executed against the user account used with IIS (for example) no?

        Or, perhaps the guest account, or whatever is used to display default printer shares on an otherwise unshared machine.... etc.

        One would think if there is evidence there is zero day stuff out in the wild using this, someone could have captu
        • by argent ( 18001 )
          Then he should have asked about the attack, not the vulnerability. From the message I replied to: "only if the vulnerability can be exploited remotely with NO interaction on my part do I care". That's not a question about the whole process, it's a question about this particular hole.

          This is not a remote execution hole. Whatever code it was found in may have contained exploits for other vulnerabilities, or this may have been part of a rootkit dropped by an otherwise unrelated exploit. But this vulnerability
    • Reading the actual article FTW!

      It came packaged with every copy of Windows XP (and Server 2003) that M$ has sold.
  • Makes me doubly glad I've stuck with Windows 2000 all these years.
  • The only purpose of secdrv.sys is to run games that depend on "SafeDisc" copy protection. If you don't play games on your computer (or you shouldn't... corporate users take note) you don't need it, and if you do you only need it to play games using this particular scheme.

    This is a local privilege escalation exploit. An attacker will have to use some other exploit to get onto your computer before using this one to get system privileges. This is another reason for corporate administrators to eliminate the dri
    • by sqlrob ( 173498 )
      No, it's to run SOFTWARE with SafeDisc. Although it is probably a game, there's nothing that says it will definitely be a game.
      • by argent ( 18001 )
        What kind of crazy company uses hardware-based copy protection for anything but games?

        Got a list of guilty parties so we know who to stay the hell away from?
        • by sqlrob ( 173498 )
          Intuit, at the very least. Quickbooks uses some sort of protection, but I'm not sure what offhand.
  • I'm a pirate. (Score:5, Interesting)

    by Bellewether ( 972797 ) on Friday November 09, 2007 @10:32AM (#21294817)
    ...and more of my discretionary income goes towards games than anything else. There was an article here this week (http://yro.slashdot.org/article.pl?sid=07/11/03/048256) about the most profligate music pirates being the biggest music *buyers* as well- same principle.

    However...the industry, especially PC gaming, has lost quite a few purchases from me because of copy protection. Just a few examples:

    I loved Neverwinter Nights. Would have bought the Infinite Dungeons mod, but it requires an always-on net connection while you play to verify you're not a pirate. Screw that.

    Starforce? Any Starforce'd game is automatically disqualified from my consideration.

    I don't buy games that use Securom or Safedisc anymore, either. As a pirate, I find it inconvenient to have to download bypasses so I can run stuff on my Daemon Tools-happy gaming box. I almost bought Civ 4 and its expansions recently, but the DRM dissuaded me- though it won't stop those who torrented it from downloading a workaround.

    I import games. Over the past year or two I've imported multiple games that would never have been released in the U.S.- the Touhou series, both Ouendans... but I won't do so for any console that has to be modded, because it's too much of a pain. If it weren't for that, I would have bought SO much crap for my PS2- guess I'll never buy any of those Cave shooters.

    I'm a huge Megaten fan and will gladly buy FES the day it hits stores, assuming it's released stateside, even though FES is generally considered mediocre. If it weren't for emulation, I might not even be a fan of the series. Atlus acquitted itself pretty poorly with its release of the first two Persona games in the U.S.; it was actually the fanslation/romhacking scene's English patches for SMT1 and 2 that got me into the series. (I remember a comment from another Slashdotter who wrote the same thing in another copy-protection thread, too.)

    The funny thing is, if I wanted to bypass any of this copy protection, I easily could. Every time this is discussed on Slashdot there are comments from Slashdotters who legitimately purchase games and then download cracked versions because the crippled, boxed versions are too much hassle. Me, I prefer to wean myself off the companies who resort to copy protection. There are plenty of other games out there which are just as good and don't involve all the bullshit- more than I have the free time to play, in fact. I'll just buy some of those instead.

    And the games that I DO pirate? Those are the ones I wouldn't have bought anyway- though you only have my word on that. Ever spend time on a forum for an Atlus game? Atlus fans know damn well that they're not dealing with automatic-trillion-sellers like Madden 200X: Same Shit, New Roster or World War 2 Shooter: The Shootening. They (we) will tell other fans to buy, and buy a *new* copy, *before* price drops, *because we want Atlus to release more games we like*.

    So: can somebody explain to me why all this antipiracy stuff is necessary? Or even prove to me that it isn't outright counterproductive? Last I heard, Galciv and Stardock were doing just fine.
    • Every time this is discussed on Slashdot there are comments from Slashdotters who legitimately purchase games and then download cracked versions because the crippled, boxed versions are too much hassle.

      I did that around 1981 when I went to the local "unlicensed software distributors" at the University to get a cracked copy of Wizardry written out on top of my gold-labeled store-bought floppy because the copy protection had made the original unplayable... which meant I may have had the only "legal" cracked copy in existence. I ran into the author of the game online many years later, and he thought that was pretty amusing.

      Several years later a friend and I released a game for the Amiga and since the publisher required copy protection we came up with a copy protection scheme for it that didn't require modifying the OS or bypassing the driver, and allowed the protected disks to be created using a regular script. Since we knew that copy protection was a speedbump, we came up with some speedbump-quality protection that would still do a better job at blocking the most common cracking tools than the "professional" and more intrusive protection schemes.

      What we did was take advantage of the way the Amiga identified disks by using a unique ID in the disk header. All copy protection cracking tools we knew of generated a new ID by default, so that the user wouldn't get an error from the OS if they left the original and the copy both in the drives after they exited the program. We stored an obfuscated copy of the ID in file comments, and ran in "demo mode" if they didn't match. It didn't pop up any warning screens, it just wouldn't let you get past the 'attract mode' display. This meant that most people just using a "raw" copier would get an apparently "damaged" copy that still kind of worked... we figured this was unintrusive and at least as good a speedbump as you got from a scheme that had defeat code preprogrammed into the copying tools, for the week or so before it got figured out and our scheme got added to the rest.

      We provided our publisher with detailed instructions, explanations, and a set of disks to use to create the copies if they didn't use an image duplicator. They fobbed production off on another company who blithely used one of the cracking tools we were targeting to do the production run. If they'd used a normal image duplicator or our scripts everything would have been fine, but instead all the shipped copies came up in demo mode. Of course the game had to be recalled, and we missed the Christmas launch.

      Copy protection (whether you call it copy protection or DRM) increases the costs and risks of production and just plain doesn't do anything more than flashing a "don't pirate this game" splash screen would.
      • by 99BottlesOfBeerInMyF ( 813746 ) on Friday November 09, 2007 @12:46PM (#21297337)

        My favorite copy protection was in the game "Escape Velocity." I'm not referring to the mechanism, just the way it was implemented. Unregistered version beyond 30 days did not stop working, or do anything annoying, except occasionally a special, unkillable space ship would show up tell you they hate pirates and attack you... forcing you to jump to another star system or two and escape. Coders that go to that kind of effort inspire me to not only buy the game, but encourage others to do the same.

      • "Copy protection (whether you call it copy protection or DRM) increases the costs and risks of production and just plain doesn't do anything more than flashing a "don't pirate this game" splash screen would."

        Unless, like me, the only means of distribution is over the 'net. In which case, copy protection is the only viable means to differentiate your product from free software.

        ~D
        • by argent ( 18001 )
          I'm not sure what you're getting at here:

          Unless, like me, the only means of distribution is over the 'net. In which case, copy protection is the only viable means to differentiate your product from free software.

          Are you saying that copy protection makes your product better? More competitive? What do you mean by "differentiate" here?
          • It means that if you don't put copy protection on your program, and the only way to distribute your program is via download, without copy protection there would be no means to distribute an unlockable trial version. You'd essentially be giving the game away, and hope people would pay you. Either that or have to produce two versions of the game (One trial one full), and then manage that mess.

            ~D
            • by argent ( 18001 )
              I think you're combining two unrelated issues here, and neither of them involve any kind of technical copy protection or DRM scheme.

              First, unless your build process is really broken, building two versions of a program for distribution out of the same source tree is trivial.

              Second, registration and copy protection are really separate issues. Copy protection involves some kind of obfuscation of a shared secret, typically in hardware or in the OS (though sometimes, as in my case, simply in an unobvious place t
    • by p0tat03 ( 985078 )
      Perhaps you're a rare one, but I don't buy the whole "wouldn't have bought it anyway". IMHO if you play more than 20 minutes into a game without throwing your burned disc out a window, you're being dishonest to yourself about your intentions. It's funny, but I haven't pirated a game in ages, and in fact I never feel the need to. I have found numerous trustworthy review sources that guide what I buy. I don't fall into the preorder frenzy, and I always wait for my trusted sources to give their reviews before
    • Atlus fans know damn well that they're not dealing with automatic-trillion-sellers like Madden 200X: Same Shit, New Roster or World War 2 Shooter: The Shootening.
      You should try Cookie Cutter RPG 2: Electric Boogaloo.
  • Don't you just love how Microsoft is in bed with DRM, and in the end it always comes back to bite!
  • by ThinkFr33ly ( 902481 ) on Friday November 09, 2007 @11:20AM (#21295705)
    This can only be exploited locally, so the chances it will affect any significant number of people are very small.

    Since virtually everybody who uses Windows XP runs as admin, there would be no reason to use this exploit, since if you get code to run on the target machine, it's already running as admin.

    For Windows Server, a bad guy with local access is going to be rare, and most admins don't usually download and run random code on their servers. The one exception might be a server used as a terminal services provider, but I can't imagine that's particularly common. Plus, standard domain policy best practices would prevent unsigned/unapproved code from being run by any non-admin anyway, so it's really not an issue.

    Lastly, Vista isn't affected, both because it includes the newer version of the DLL, and because the privilege elevation itself would not be possible thanks to some new security measures in Vista's kernel.

    So while it makes a great "DRM Sucks!" story, the security ramifications of this bug are essentially zero.
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Ring zero is kernel space, the highest privilege level - higher than Administrator. Normally an attacker would have to install a driver or suchlike to achieve this, a suspicious behaviour that can be flagged by AV etc, this avoids that and lets them proceed directly to rootkitting. Also as soon as a "minor" remote access exploit comes along this magically becomes an extremely serious remote root. OK so it could be worse, but local privilege escalation exploits are always bad and should be fixed quickly; his
    • Since virtually everybody who uses Windows XP runs as admin, there would be no reason to use this exploit, since if you get code to run on the target machine, it's already running as admin.

      Running as admin in a corporate environment is very rare, with the exception of some small companies. Any company that lets their non-sysadmin employees run as the Admin user deserve what they get. So when a company gets attacked through a hole in their workstations' OS that supports DRM in games (something that most c

  • by Animats ( 122034 ) on Friday November 09, 2007 @11:56AM (#21296427) Homepage

    If anyone incurs costs as a result of this, they can sue Macrovision. Macrovision isn't protected by Microsoft's EULA. (Nor can it be; there's a legal concept called "privity" that applies to third party issues like this.) The end user has no contractual relationship with Macrovision. So there's nothing protecting them from a negligence lawsuit.

    Macrovision is as vulnerable as Sony was.

  • Why on earth is this bundled with a Server OS?

    This is the kind of patently stupid thing that we really ought to result in damages being awarded...

    Seriously, the entire corporate world has been vulnerable for the LAST SIX YEARS because they wanted to make it minutely harder to pirate a video game?

    Could not the Macrovision games simply been coded to add this cruft to a server upon inserting the game CD? s/Could/Should/g

    There absolutely HAS TO BE a violation of duty here.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...