
DRM that could get you pwned

Unlike the recent Sony Rootkit fiasco, the latest flaw in Macrovision’s SafeDisc technology was not an intentional backdoor. Even so, the latest Microsoft Security update includes a patch which, if not applied, could allow an attacker to leverage Macrovision DRM to exploit your system. The driver at issue here “validates the authenticity of games that are protected with SafeDisc and prohibits unauthorized copies of such games to play on Windows.” The DRM industry often overlooks the following fact: while the technology creates a slight barrier to copying games, it increases the attack surface of every consumer who possesses the driver. In this case, the driver comes with every copy of Microsoft Windows.
Exploiting the driver “allows unprivileged users to gain SYSTEM privileges”. This could be exploited very easily in a drive-by download situation, and the exploit has already been spotted in the wild. It is a very heavy price for consumers to pay, and they receive almost nothing in return. DRM is another layer of complexity that will always be under attack and a possible vector for vulnerability.

For more information:
WinXP and 2003 k-plugin demonstration
Report of exploit in the wild
Technical details of exploit
Macromedia SafeDisc Site

Disclosure Timeline:
Reported @ reversemode (Wednesday, 17 October 2007) Written by Rubén
Security Advisory Published: November 5, 2007
Patch Published: December 11, 2007
