September 2015 Windows Updates KB3086255 Breaks Many Games
September 2015 Windows updates KB3086255 breaks many games. Microsoft released twelve (12) bulletins. Five (5) bulletins are identified as Critical and the remaining seven (7) are rated Important in severity.
The updates address vulnerabilities in Microsoft Windows, Microsoft,.NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight, Skype for Business Server, Microsoft Lync Server, Microsoft Edge and Internet Explorer
You can read all about them on Technet and a break down of the most serious ones on Sans ISC diary
I am just going to mention one September 2015 Windows update which will almost certainly cause a lot of problems for a load of users, mainly gamers who play popular games from a few years ago.
This September 2015 Windows update KB3086255 basically disables secdrv.sys which is an anti-piracy copy protection that is used by many games developers and some other software companies. The driver, secdrv.sys, is used by games which use Macrovision SafeDisc. Without the driver, games with SafeDisc protection would be unable to play on Windows.
You will know very quickly if you are affected by this update when you try to play a game that uses SafeDisc copy protection because you will get a message saying “Please login with administrator privileges and try again”. or some other similar message saying you need administrator privileges.
If you see that message on Windows 7 or Windows 8 / 8.1 then use the fix described in the Microsoft KB
There have been many security issues with secdrv.sys over the years and Microsoft decided not to allow it to run or be installed at all in windows 10
This comment from Wikipedia explains it
Operation
SafeDisc adds a unique digital signature to the optical media at the time of replication. Each time a SafeDisc-protected program runs, the SafeDisc authenticator performs various security checks and verifies the SafeDisc signature on the optical media. The authentication process takes about 10 to 20 seconds. Once verification has been established, the sequence is complete and the program will start normally.
The SafeDisc signature is designed to be difficult to copy or transfer from the original media. (For example, it might change as a result of error correction during the copying process.) Certain multimedia programs are designed to run from the PC’s hard drive without accessing files from the program disc after the initial installation. SafeDisc will permit this as long as the consumer retains the original CD or DVD, which is required for authentication each time the program is launched. Failure to place the original disc in the drive when loading the program will prevent validation of the SafeDisc signature.
Windows 10
Shortly after the release of Windows 10, Microsoft announced that games with SafeDisc DRM will not run on its new operating system. Citing security concerns over the software due to the way in which it becomes “deeply embedded” in the system, Microsoft said “That’s where Windows 10 says, ‘Sorry’.” Supporting SafeDisc could have been a possible loophole for computer viruses to exploit. [3][4]
The known issues section says this
Known Issues In This Security Update
- After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.Note When you no longer require the service to be running, we recommend that you turn off the service again.Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.To do this, type the following commands at an elevated command prompt. You should press Enter after you type each command.
- To disable the driver’s service, type the following command:
sc config secdrv start= disabled
- To set the driver’s service to manual, type the following command:
sc config secdrv start= demand
- To enable the driver’s service (and to set it to automatic), type the following command:
sc config secdrv start=auto
- To manually start the driver’s service, type the following command:
sc start secdrv
- To manually stop the driver’s service, type the following command:
sc stop secdrv
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Or, you can edit the registry directly. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv - Right-click Start, and then click Modify.
- In the Value data box, do one of the following:
Type 4 to disable the driver’s service, and then click OK.
Type 3 to set the driver’s service to manual, and then click OK.
Type 2 to set the driver’s service to automatic, and then click OK. - Exit Registry Editor.
I honestly cannot see anyone constantly enabling and then disabling the already hated and buggy secdrv.sys driver service on a daily basis. It will get left enabled and then a user will be vulnerable to the attacks currently using it.
Any game listed here that shows securedisc (and possibly securerom) as the DRM method is almost certain not to run with https://support.microsoft.com/en-us/kb/3086255 installed and active
You will know very quickly if you are affected by this update when you try to play a game because you will get a message saying “Please login with administrator privileges and try again”.
If you see that message on Windows 7 or Windows 8 / 8.1 then use the fix described earlier in the Microsoft KB
If you see that message in Windows 10 then you are out of luck and the game will not run on Windows 10 There are no known legitimate or safe methods to install or run these older games on Windows 10