What's happening: A vulnerability has been found in a critical portion of Microsoft Vista that Microsoft does not yet have a patch for.
What it means: Vulnerabilities not having patches are particularly serious because cybercriminals often target this known problem. Standard antivirus/antispyware protection may be ineffective against attacks.
What to do: Management must alert IT staff to get in-front of the problem and apply mitigating controls. Ask IT staff for guidance with home computers. Warn staff to be particularly alert to danger signals. Consider replacing antivirus/anti-spyware solutions with newer intrusion detection and prevention solutions.
**********************************
The Register: Microsoft has promised to patch a serious flaw in newer versions of its Windows operating system after hackers released exploit code that allows them to take complete control of the underlying machines. The flaw affects various versions of Windows Vista, 2008, and the release candidate version of Windows 7.
Marc Maiffret, director of professional services at our strategic partner The DigiTrust Group, is quoted in the article.
http://www.theregister.co.uk/2009/09/09/microsoft_windows_security_bug/