However, the vulnerability can be exploited only on Windows Server 2003 and Windows XP (all flavors); Vista users have nothing to worry about this time, Microsoft stressed.
According to Danish security website Secunia, the flaw only deserves a “less critical” rating because only local users can exploit it to gain escalated privileges:
“The vulnerability is caused due to an input validation error within secdrv.sys when handling arguments passed to certain IOCTL handlers. This can be exploited to e.g. overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges.”
Microsoft promised that the flaw would be fully closed during the next Patch Tuesday update (13 November). In the meantime, those willing to fix the flaw can install an update provided by Macrovision.