Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Skip Navigation Links Home > Publications > Programs > Emergency management > Response > CCIRC > Analytical releases > AV07-100: Microsoft Vulnerability in Macrovision driver

Institutional links

Microsoft Vulnerability in Macrovision driver

AV07-100
Date: 07 November 2007

Purpose

The purpose of this advisory is to draw attention to a vulnerability in the SECDRV.SYS driver in Microsoft Windows operating systems.

Assessment

A flaw in handling configuration parameters has been identified in the SECDRV.SYS driver component in Microsoft operating systems. The driver is made by Macrovision, but is a standard component of all installations of Windows XP and Windows Server 2003. A successful exploitation of this vulnerability would allow an attacker to execute code with SYSTEM level privileges. Microsoft is aware of limited attacks targeting this vulnerability and plans to address this issue through their monthly update process. Until an official patch is released, Microsoft recommends upgrading the SECDRV.SYS driver by following Macrovision's instructions.

Affected Products:   

  • Windows Server 2003
  • Windows XP

Suggested action

CCIRC advises administrators to follow Microsoft's recommendation to test and install the Macrovision driver update at the earliest opportunity.

References:    
http://www.microsoft.com/technet/security/advisory/944653.mspx
http://www.macrovision.com/promolanding/7352.htm

Note to Readers

Public Safety Canada (PS) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyze threats and to issue alerts, advisories, and other information products.

The Government Operations Centre (GOC) provides strategic level coordination and direction on behalf of the Government of Canada, in response to emerging or occurring events in the national interest, including threats to and incidents involving Canadian critical infrastructure. The GOC receives, shares, and coordinates information with other federal departments, as well as provincial/territorial and international partners.

For urgent matters or to report any incidents, please contact the Government Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: goc-cog@ps-sp.gc.ca

For general information on critical infrastructure protection and emergency preparedness, please contact PS's Public Affairs division at:

Telephone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2007-11-07
Top of Page
Top of Page
Important Notices