new_update

September 2015 Windows updates KB3086255 breaks many games.  Microsoft released twelve (12) bulletins.  Five (5) bulletins are identified as Critical and the remaining seven (7) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft,.NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight, Skype for Business Server, Microsoft Lync Server, Microsoft Edge and Internet Explorer

You can read all about them on Technet  and a break down of the most serious ones on Sans  ISC diary

I am just going to mention one September 2015 Windows update which will almost certainly  cause  a lot of problems for a load of users, mainly gamers who play popular games from a few years ago.

MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015  KB3086255

This September 2015 Windows update  KB3086255 basically disables secdrv.sys which is an anti-piracy copy protection that is used by many games developers and some other software companies. The driver, secdrv.sys, is used by games which use Macrovision SafeDisc. Without the driver, games with SafeDisc protection would be unable to play on Windows.

You will know very quickly if you are affected by this update when you try to play a game that uses SafeDisc copy protection because you will get a message saying “Please login with administrator privileges and try again”. or some other similar message saying you need administrator privileges.

If you see that message on Windows 7 or Windows 8 / 8.1 then  use the fix described  in the Microsoft KB

There have been many security issues with secdrv.sys over the years and Microsoft decided not to allow it to run or be installed at all in windows 10

This comment from Wikipedia explains it

Operation

SafeDisc adds a unique digital signature to the optical media at the time of replication. Each time a SafeDisc-protected program runs, the SafeDisc authenticator performs various security checks and verifies the SafeDisc signature on the optical media. The authentication process takes about 10 to 20 seconds. Once verification has been established, the sequence is complete and the program will start normally. The SafeDisc signature is designed to be difficult to copy or transfer from the original media. (For example, it might change as a result of error correction during the copying process.) Certain multimedia programs are designed to run from the PC’s hard drive without accessing files from the program disc after the initial installation. SafeDisc will permit this as long as the consumer retains the original CD or DVD, which is required for authentication each time the program is launched. Failure to place the original disc in the drive when loading the program will prevent validation of the SafeDisc signature.

Windows 10

Shortly after the release of Windows 10, Microsoft announced that games with SafeDisc DRM will not run on its new operating system. Citing security concerns over the software due to the way in which it becomes “deeply embedded” in the system, Microsoft said “That’s where Windows 10 says, ‘Sorry’.” Supporting SafeDisc could have been a possible loophole for computer viruses to exploit. [3][4]

The known issues section says this

Known issues in this security update

  • After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.Note When you no longer require the service to be running, we recommend that you turn off the service again.Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.To do this, type the following commands at an elevated command prompt. You should press Enter after you type each command.
    • To disable the driver’s service, type the following command:
      sc config secdrv start= disabled
    • To set the driver’s service to manual, type the following command:
      sc config secdrv start= demand
    • To enable the driver’s service (and to set it to automatic), type the following command:
      sc config secdrv start=auto
    • To manually start the driver’s service, type the following command:
      sc start secdrv
    • To manually stop the driver’s service, type the following command:
      sc stop secdrv

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

Or, you can edit the registry directly. To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv
  3. Right-click Start, and then click Modify.
  4. In the Value data box, do one of the following:
    • Type 4 to disable the driver’s service, and then click OK.
    • Type 3 to set the driver’s service to manual, and then click OK.
    • Type 2 to set the driver’s service to automatic, and then click OK.
  5. Exit Registry Editor.

I honestly cannot see anyone constantly enabling and then disabling the already hated and buggy secdrv.sys driver service on a daily basis. It will get left enabled and then a user will be vulnerable to the attacks currently using it.

Any game listed here that shows securedisc (and possibly securerom)  as the DRM method is almost certain not to run with https://support.microsoft.com/en-us/kb/3086255 installed and active

You will know very quickly if you are affected by this update when you try to play a game  because you will get a message saying “Please login with administrator privileges and try again”.

If you see that message on Windows 7 or Windows 8 / 8.1 then  use the fix described earlier in the Microsoft KB

If you see that message in Windows 10 then you are out of luck and the game will not run on Windows 10 There are no known legitimate or safe methods to install or run these older games on Windows 10

 



 

Leave a Reply

15 Comments on "September 2015 Windows updates KB3086255 breaks many games"

Notify of
avatar
10000

Sort by:   newest | oldest | most voted
Tom
Guest
Tom
10 September 2015 2:30 pm 2:30 pm

I checked the list of games and, seriously, had no idea there were that many. I’ve only played a few games but have thoroughly enjoyed the ones I do have. Halo 2 tells me I need administrator rights since this update and even using administrator’s rights the game won’t play. Couple of questions:

1: Does “auto” setting activate this “hinky” software just during game play and then auto deactivates?

2: Does setting the “secdrv” to “auto” allow/activate the vulnerability even while I’m not playing Halo 2?

Thanks in advance, Tom

Kolia
Guest
Kolia
12 September 2015 10:18 am 10:18 am

Thank you very much!

Now I can replay to Rise of Nations again 🙂

Bart
Guest
Bart
12 September 2015 10:27 pm 10:27 pm

Many thanks. My son was really upset and this fixed it (removing that update)

Woody
Guest
Woody
16 September 2015 4:51 pm 4:51 pm

Hey! Mine is Win7. i dont understand how to search and which article described “Microsoft KB” earlier.
If my PC has already updated with that 3-4 days ago, can i still restore the update? Cuz i feel like there a options(dates) i can choose from

Tom
Guest
Tom
20 September 2015 12:09 pm 12:09 pm

Hi thanks for posting this, however I can’t seem to get Microsoft’s manual workaround to work, whenever I try ‘demand’ or ‘auto’ in the command prompt it just tells me that ‘access is denied’, and when I try ‘sc start secdrv’ it tells me ‘The service cannot be started, either because it is disabled or because it has no enabled devices associated with it’.

Do you have any idea why or how I can get around this? Am happy to use the manual workaround every time I want to play my game, but not sure why I can’t access the secdrv in command prompt. Also, I tried uninstalling the update to check, and the game worked again, but I reinstalled it as I don’t know what the risks are. Any idea exactly what kind of security issues it addresses, and whether we could get away without this update altogether?

Thanks in advance!

Peter
Guest
Peter
21 September 2015 8:48 pm 8:48 pm

I have been a Flight Simulator user since FS98,FS2000,FS2002 and FS2004 and now with this latest problem I cannot fly.I have looked at all of the above solutions,but I cannot make any sense out of them.Why can’t Microsoft come up with an answer?They caused the whole of the Flight Sim community to be up in arms.Answers please Mr Gates.

Tobias
Guest
Tobias
26 September 2015 2:06 pm 2:06 pm

Which step should I take in Windowns 8,1 when there is no start meny?

Matt
Guest
Matt
9 October 2015 5:46 am 5:46 am

Trying to force AOM to run. Gone to cmd line in with admin rights.

Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sc config secdrv start= disabled
[SC] ChangeServiceConfig SUCCESS

C:\WINDOWS\system32>sc start secdrv
[SC] StartService FAILED 1058:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

C:\WINDOWS\system32>sc config secdrv start=auto
[SC] ChangeServiceConfig SUCCESS

C:\WINDOWS\system32>sc start secdrv
[SC] StartService FAILED 1275:

This driver has been blocked from loading

TheBigRageCauser
Guest
TheBigRageCauser
13 July 2016 7:23 am 7:23 am

I tried every step my Command and Conquer Generals still gives me the same message I’m running windows 7 Ultimate

wpDiscuz