PC World reports that an anonymous group of security researchers published last week information about an unpatched flaw in Windows Vista and Windows Server 2008.
The flaw in Windows Vista and Server 2008 could be used by attackers to gain unauthorized access to a PC or cause it to crash. Microsoft downplayed the threat, saying that the vulnerability required an attacker to have physical access to the computer or have compromised it with another exploit. Danish vulnerability tracking firm Secunia agreed with Microsoft that the bug was relatively minor, classifying it as a "less critical" threat, the second-lowest ranking in its five-step system. According to Secunia, the bug affects fully patched versions of Windows Vista Business SP1 and Windows Server 2008 Enterprise SP1 and SP2, and possibly other editions of operating system.