Microsoft is reporting "limited" attacks on Windows Server 2003 and Windows XP systems that exploit a security hole in a copy protection program from Macrovision that ships with those systems. Windows Vista is not affected by the vulnerability.
The affected program is called SafeDisc and the hole is in a file called secdrv.sys.
News of the flaw came in a Security Advisory that the company issued late Monday afternoon. Microsoft says they are working on a patch which they'll release as part of the company's regular Patch Tuesday process.
In the meantime, Macrovision itself has issued a patch of its own.
Symantec's Security Response Weblog discussed the hole in general in mid-October but didn't give enough details to help the bad guys.
A successful attack could result in escalation of privileges, which could lead to a complete takeover of your PC, but successful exploits are harder to pull off than your garden-variety "critical" bug. Security researcher Secunia, for instance, lists this one as only a "less critical" hole, the second-lowest tier of its five-tier severity rating system.
Still, it's a good idea to get the patch. You never know when someone will tweak the exploit code to make it do much more serious damage.