• PC World
• »Software
• »Operating Systems

Microsoft reports "limited" attacks on Windows XP systems via an unexpected path exploiting a security hole in a copy protection program that comes with XP. (Windows Vista is not at risk.)

The program that attackers are leveraging is Macrovision's SafeDisc, optical-disc copy prevention software for Windows applications and games. The flaw is located in a system driver file called secdrv.sys. Microsoft immediately issued a Security Advisory.

Macrovision released a patch; at press time Microsoft was still testing the patch and was not yet distributing it via its automatic updates.

A successful attack could lead to a complete takeover of your PC, but such a success is harder to pull off than with most garden-variety "critical" bugs. Regardless, grabbing the patch is a good idea: You never know when some unscrupulous hacker will tweak the exploit code to make it far more dangerous.

Get a Handle on URI Bug

Microsoft finally produced the long-awaited patch for the "URI Handler" bug that I wrote about last month. If you are running Internet Explorer 7 on Windows XP, you're vulnerable and you need the patch. If you are running IE 7 on Windows Vista, though, you're safe.

Attacks "in the wild" based on this flaw have already occurred. This assault, however, requires interaction with third-party programs such as the Mozilla Firefox browser or Adobe Acrobat to work. Luckily, those software makers patched their products quickly, while everyone waited for a more complete fix from Microsoft. If you have automatic updates enabled on your Windows XP system, you should have the patch by now. Otherwise, be sure to get your hands on the patch.