Microsoft announced on Monday that customers using Windows 2003 and Windows XP have reported attacks exploiting a previously unknown vulnerability in a component of the operating system that implements Macrovision copy protection.

The flaw, which occurs in the secdrv.sys driver, could allow malicious code to elevate its privileges on the target machine, Microsoft stated in its advisory. Macrovision offered a patch for the problem on its site, and Microsoft plans to push the patch out to customers using its automatic update service after it has tested the patch.

…

The latest vulnerability, which is in the third-party Macrovision driver that ships with Windows XP and 2003, does not affect Windows Vista, according to Microsoft.

[securityfocus.com, Read more...]