9 November 2007

secdrv.sys

For the last 6 years, Microsoft has been quietly shipping Macrovision DRM software embedded in Windows, in order to “increase compatibility and playability” of video games.

Unfortunately, there’s a bug in the DRM code which allows privilege escalation. So Windows boxes are now being pwned across the Internet.

The best part: this video game DRM has been shipping in Windows Server 2003. Yeah, I bet lots of people need video game compatibility on Windows Server.

Oh, and Microsoft worked with Macrovision to fix the security holes in the Vista version of the DRM code—but they didn’t bother to fix the XP version. Classy.

© mathew 2017