Microsoft update breaks Safedisc games on Windows Vista, 7 and 8
A recent security patch released this month, MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution, breaks computer games that rely on the DRM system Safedisc on Microsoft's Windows Vista, Windows 7 and Windows 8 operating system.
Games that rely on Safedisc include the Age of Empire series, Battlefield 1942, Civilization 3, various Command and Conquer games or Microsoft Flight Simulator. These are all old games released more than 10 years ago but still playable on modern systems.
The security bulletin itself mentions that the update resolves vulnerabilities in Microsoft Windows, Microsoft Office and Lync which attackers could exploit to run code remotely on affected systems.
The description on Microsoft's Knowledge Base adds that the security bulletin "addresses a defense-in-depth update for the secdrv.sys driver, a third-party driver" by turning the service for the driver off.
The driver secdrv.sys is used by Macrovision's SafeDisc copy protection scheme.
This has the consequence that games that rely on Safedisc won't work anymore on all systems the patch was installed on.
The same Knowledge Base articles offers a workaround to play these games on patched systems again. The caveat is that doing so will render the systems vulnerable again. Microsoft states explicitly that it does not recommend the workaround because of this.
The workaround requires that you start the driver before you play games that require Securom and stop it again the moment you are finished playing these games.
All commands require an elevated command prompt. On Windows 8 press Windows-X, and select Command Prompt (admin) from the context menu. In earlier versions of Windows, tap on the Windows-key, type cmd.exe, right-click on the result and select "run as administrator".
To start the service manually
Run the command sc start secdrv which starts the service if it is installed on the system.
To stop the service manually
Run the command sc stop secdrv which stops it immediately so that the system is no longer vulnerable to attacks.
Microsoft has released instructions on how to make the changes permanent. While that is more convenient than having to run these commands before each game session, it makes the system vulnerable to attacks again.
Please note that the service is only installed on the system if a game that required the DRM was installed on it.
Windows 10, Microsoft's newest operating system won't run games requiring SecuROM or SafeDisc as well because of security loopholes they may introduce on the system.
Is this related to why I can’t suddenly play civ 5? I get a new windows update and now cannot play just this game, and now keeps showing another windows update needed. I shut down and let it install but when I boot back up the game is still broken(tried uninstalling/reinstalling the game too) AND it still keeps asking me to shut down to install another update…
I am so tired of ‘things’ breaking other ‘things’ in the name of security. When will MS (and others) come to the realization that when they close one door, hackers will just look for (and eventually find) other open doors? That hasn’t seemed to work in the past for the sieve called ‘Windows’, but yet they keep doing the same thing over and over, and expect different results (insanity!). Just post a ‘guard’ at the door instead of closing it. Or, better yet, just get it right the first time – instead of releasing a ‘prayer’, hoping it works, and then patching the patch for the patch, etc.
Don’t install this “update”. Problem solved.
Yet another reason to buy your games from GOG, the DRM-Free alternative to Steam.
(Steam *still* sells games containing SecuROM, which Windows 10 broke a while back.)
Safest and simplest way to launch an older game that uses secdrv would be to create a batch file to start the svc, launch the game and wait for it to exit and stop the svc.
Example:
sc start secdrv
START “TITLE” /WAIT “path to game exe\game.exe”
sc stop secdrv
Great opportunity to show users why and when to use an Environmental Variable program such as those mentioned earlier in the week. Make a batch script and create an System [or User] Environmental Variable. Somewhat pointless to introduce Environmental Variables and never mention the feature again or show users when they may want to use it.