Microsoft has an advisory and a blog entry up on a new vulnerability, CVE-2007-5587, in the Macrovision SECDRV.SYS driver. This file is included with Windows XP and Windows Server 2003.

It appears partial information on the vulnerability and exploit code has been in the wild since mid October, and it is being exploited in a limited number of incidents.

This is a local attack which allows privilege escalation to Ring 0 . However, this means it can be abused by those who are able to introduce and execute code on the system. Depending on the situation this could go beyond shared user environments as it could be delivered to a system using a variety of other attack vectors (browser exploits, e-mails, file format exploits).

While plans for an official Microsoft supplied patch are in the works, Macrovision has released an update from their website which allows you to mitigate this issue.

--
Maarten Van Horenbeeck