After Hours

Security news roundup: November 6

Here's a collection of recent security vulnerabilities and alerts, covering an escalation of privilege vulnerability found in the Macrovision driver on Windows, a new release of Apple's QuickTime that fixes seven critical vulnerabilities, and vulnerabilities discovered in Perl and its Regular Expressions library.

  • Escalation of privilege vulnerability in Macrovision driver on Windows

Microsoft has released a security advisory pertaining to reports of a vulnerability in Macrovision's secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. Registered users can leverage the vulnerability to escalate their restricted privileges.

According to the Security Advisory:

This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Users are encouraged to install the update by Macrovision.

  • Apple fixes critical vulnerabilities in QuickTime (again)

Apple has released QuickTime 7.3, which fixes seven critical flaws in the vulnerability-plagued software.

For those with the stomach for more details, check it out at heise Security.

  • Vulnerabilities in Perl and Regular Expressions library

Tavis Ormandy and Will Drewry have discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.

Additional reading as well as patches can be obtained here (Mandrake Security Advisory), here (Red Hat Security Advisory) and here (Debian Security Advisory).

    About Paul Mah

    Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.
