Macrovision has published a patch defending against a security vulnerability in its SafeDisc copy protection software that has become the target of a hacker attack.

The Macrovision update comes 20 days after the security vulnerability was discussed in non-specific terms on Symantec's Security Response Weblog. The flaw, though Symantec wasn't specific on this, involves a privilege elevation bug in Macrovision secdrv.sys driver that comes bundled with Windows XP and 2003 (though not Windows Vista).

Although the bug is relatively mild (a glass of beer, perhaps, compared to the Pan Galactic Gargle Blaster effects of the likes of other Windows flaws), it still captured the imagination of hackers, probably because it involved DRM software. Exploit code leaked onto the net leading to "limited attacks" since, Microsoft said on Monday.

The publication of a security advisory by Microsoft coincided with the release of an update from Macrovision. Windows XP and Windows Server 2003 users are advised to apply the Macrovision update, which is due to be rolled out automatically as part of the next Patch Tuesday update on 13 November. ®

Related stories

• Three critical fixes star in Patch Tuesday update (12 December 2007)
• Microsoft readies seven patches for Tuesday (6 December 2007)
• Microsoft on the hunt for 'serious' Windows flaw (26 November 2007)
• Windows update offers defence against shell bug (14 November 2007)
• Apple patches critical iTunes bug (7 September 2007)
• Zero-day security flaw leaves Firefox wide open (25 July 2007)
• Sony BMG sues DRM developer (16 July 2007)
• Microsoft zero-days said to target Office and Windows (11 April 2007)
• Interview The rise of zero-day patches (2 March 2007)
• Hackers target unpatched Office flaw (5 February 2007)
• DRM maker denies plans to shatter iPod users' eardrums (9 November 2005)
• Update Macrovision to tout lock-down DVD tech (15 February 2005)