Despite the level of access this could give an attacker, it requires the attacker to be at (or at least logged into) the computer. Microsoft says customers have reported "limited attacks."
Symantec reported two weeks ago in a security advisory that an enterprise security testing tool called Core Impact had a functional exploit. You can download a patch to fix the driver file (SecDrv.sys) from Macrovision.
Source: eWeek
Written by: Rich Fiscus @ 6 Nov 2007 11:13