secdrv.sys

Company
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Description

Macrovision SECURITY Driver

Version
4.3.86.0
Architecture
64 bit
Threat Score
0 %
Original size
23 Kb
Download size
12 Kb
MD5
3ea8a16169c26afbeb544e0e48421186
SHA1
1d900e0f3791597aebfb9b1c91624b02ce2256ae
SHA256
34bbb0459c96b3de94ccb0d73461562935c583d7bf93828da4e20a6bc9b7301d

ERROR

The game fails to start, even when logged in with the administrator account.

 

CAUSE

On November 7, 2007 Microsoft stated that "There is vulnerability in Macrovision SECDRV.SYS driver on Windows and it could allow elevation of privilege. The driver, secdrv.sys, is used by games which use Macrovision SafeDisc. Without the driver, games with SafeDisc protection would be unable to play on Windows"[1].

This vulnerability was patched by Microsoft on December 11, 2007 for Windows XP and on September 8, 2015 for Windows Vista, 7, 8 and 8.1.

[1] SafeDisc article on Wikipedia

SOLUTION

If you are running Windows Vista, 7, 8 or 8.1, you can apply the solution provided by Microsoft in the article MS15-097.

If you are running Windows XP, you can apply the solution provided by Microsoft in the article MS07-067.

Please NOTE: Applying this solution will make your Windows PC less secure, and will NOT work on Windows 10 as Microsoft completely removed the driver.
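
A read-only audit of the trade-off noted above, as an added example that is not part of the original page: it reports whether secdrv.sys is on disk, whether it matches the SHA256 listed here, and whether the driver service can still load. The driver path and the service name `secdrv` are assumptions, not taken from the page.

```powershell
# Added example: read-only check of the SafeDisc driver state on this machine.
# Assumptions (not from the page): the driver path and the service name 'secdrv'.
param(
    [string]$DriverPath  = "$env:SystemRoot\System32\drivers\secdrv.sys",  # assumed location
    [string]$ServiceName = 'secdrv'                                        # assumed service name
)

# SHA256 listed on this page for secdrv.sys 4.3.86.0 (64 bit).
$PageSha256 = '34bbb0459c96b3de94ccb0d73461562935c583d7bf93828da4e20a6bc9b7301d'

$report = [ordered]@{
    FilePresent  = Test-Path -LiteralPath $DriverPath
    FileVersion  = $null
    MatchesPage  = $null
    ServiceStart = 'not registered'
    ServiceState = 'n/a'
    # Only true when the update is listed individually; a later roll-up may not show it.
    KB3086255    = [bool](Get-HotFix -Id 'KB3086255' -ErrorAction SilentlyContinue)
}

if ($report.FilePresent) {
    $report.FileVersion = (Get-Item -LiteralPath $DriverPath).VersionInfo.FileVersion
    $hash = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
    $report.MatchesPage = ($hash -eq $PageSha256)   # -eq ignores case
}

# Kernel drivers are exposed through Win32_SystemDriver, not Win32_Service.
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$ServiceName'"
if ($drv) {
    $report.ServiceStart = $drv.StartMode   # Boot, System, Auto, Manual or Disabled
    $report.ServiceState = $drv.State       # Running or Stopped
}

[pscustomobject]$report

# The driver is reachable whenever the file exists and the service is not disabled.
if ($report.FilePresent -and $drv -and $drv.StartMode -ne 'Disabled') {
    Write-Warning "secdrv.sys is present and its service start mode is '$($drv.StartMode)': the driver can be loaded on this machine."
} elseif ($report.FilePresent) {
    Write-Output 'secdrv.sys is on disk but its service is disabled or not registered.'
} else {
    Write-Output 'secdrv.sys was not found at the checked path.'
}
```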

Other solutions?

  • Repurchase the game digitally (on GOG.com for example)
  • Get a no-CD crack (Not recommended)

 

So what happened?

Many games from the early to mid 2000s used Macrovision's SafeDisc or SecuROM DRM as a means of copy protection.

There are quite a few games affected by these DRM services being blocked by the Microsoft update KB3086255, released in September 2015 — hundreds according to initial reports.

These DRM services were vulnerable to privilege escalation: CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2546

Some popular titles are in the mix, such as the original Age of Empires, The Sims, Grand Theft Auto 3, Microsoft Flight Simulator 2004, Crimson Skies and many others.

 

Description of the behaviour and testing:

At game startup, Windows loaded SECDRV.SYS to verify an original game disc was in the drive, after which the game would start.

 

When you try to run ANY game which uses this SafeDisc form of copy protection in Windows 10, the following happens:

 

  • You get an error window that tells you to log in with Administrator Privileges and to try again. This happens on any account, even those with Administrator access.
  • The game fails to start.
  • If you then set "Run as Admin" compatibility mode on the game's startup file, the message disappears, but the game doesn't start.

 

Credit:
Last update: 20/08/2019