Microsoft is working with Macrovision to fix a zero-day Windows flaw attackers have actively exploited in recent weeks to hijack targeted machines.
Microsoft said late Monday that the flaw affects the Macrovision SafeDisc (secdrv.sys) copy protection software embedded in Windows Server 2003 and Windows XP. In Security Advisory 944653, Microsoft said it is aware of "limited attacks" exploiting the flaw and that it's "actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."
The flaw has been public knowledge for nearly three weeks. On Oct. 19 the French Security Incident Response Team (FrSIRT) released advisory 3537 describing a memory corruption error in secdrv.sys that surfaces when the program tries to process user-supplied data. Attackers could exploit the flaw to gain elevated user privileges and "take complete control of an affected system," FrSIRT said.
On Oct. 16, Elia Florio of the Symantec Security Response Center blogged about privilege escalation exploits she had observed in the wild, and noted that Microsoft had been notified of the threat.
In its advisory, Microsoft noted that users can install a Macrovision update addressing the flaw in supported editions of Windows Server 2003 and Windows XP. However, Microsoft also plans to address the flaw in an upcoming security update.
"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers … This will include providing a security update through our monthly release process," Microsoft said.