MSRC Blog: We are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers. Currently we have not observed any public exploitation or attack activity regarding this issue. While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software.
Regardless of it being the holiday season the MSRC will be monitoring overall threat conditions for this and any other issue reported to us. If we do see anything that we believe puts Microsoft customers at risk, or significant new developments, we will update everyone through our standard mechanisms including this blog and if need be, an Advisory with additional details.
Full Story : Welcome to the Microsoft Security Response Center Blog! : New report of a Windows vulnerability
cool…lets c when they launches their Vista SP1 
Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows—including Vista—has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process. Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.
According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API. “The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” Reavey said in an entry posted late Dec. 21 on the MSRC blog.
“Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers,” Reavey added.
Vista Exploit Surfaces on Russian Hacker Site
Kaspersky predicts Vista security holes
Antivirus experts have predicted that 90 percent of current malware will run on Microsoft’s latest operating system, Windows Vista, ZDNet UK reports.
Although at the moment Vista appears to be more secure than previous Windows operating systems, researchers have warned that as Vista becomes more popular, it will increasingly become a target for hackers. “We’re not asking whether vulnerabilities will be found, but when,” said one researcher.
According to the researcher, one of the first pieces of the operating system to be attacked will be PatchGuard. PatchGuard attempts to protect the Vista kernel from unauthorised modification. It will lock down the system if it detects an unauthorised patch of certain kernel data structures or code.
Another target for hackers will be the system of user privileges - User Account Control (UAC), which can be used to restrict users’ administrative rights. The probable attack vector will be Internet Explorer 7, the web browser bundled with Vista, said the reasercher.
Kaspersky predicts Vista security holes - ZDNet UK