Vulnerability Identifier: CVE-2007-5587
Discovery Date: Dec 11, 2007
Risk: Important
Vulnerability Assessment Pattern File: 083
Affected Software:
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
Description:

This update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. An attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Patch Information:

Download the patches for this vulnerability from the following Microsoft Web page:

Microsoft Security Bulletin MS07-067


Workaround Fixes:

Disabling the SECDRV.SYS driver in the system registry key helps protect affected systems from attempts to exploit this vulnerability. Note, however, that programs requiring this driver will not run.