A lot of buzz has been spewed by Microsoft about how secure they made Vista. With its "Address Space Layout Randomization", which randomly moves a program's stack and libraries in memory, and Data Execution Prevention, Vista was supposed to be the most secure operating system around. While we all know this not to be true (Vista is just as insecure as anything else), only a few major security flaws have been discovered... until now. This one's a doozy.
Mark Dowd of IBM's Internet Security Systems and Alexander Sotirov of VMware have found a way to completely demolish the relevance of Vista's security features. They have found a method to plant binaries anywhere in the filesystem, with any permissions, and execute them. This, like most attacks these days, is found at the application layer and concerns how Internet Explorer handles active scripting. Few details have been released at this point, but it is said that the method is simple and reusable.
Dowd and Sotirov were able to load data on the system wherever they wanted and with any permissions they specified via Java applets, ActiveX, and .NET objects. The ramifications of this find are predicted to change the way technologists think about computer and network security. Evidently, this is not limited to Internet Explorer but affects other browsers as well (possibly IE derivatives like Maxthon, not sure about Firefox/Opera). Security and IT personnel should keep their eyes on this story; I have a feeling this will have a long-lasting impact on IT policy.
