A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.
The vulnerability resides in a feature known as the Virtual DOS Machine, which Microsoft introduced in 1993 with Windows NT, according to this writeup penned by Tavis Ormandy of Google. Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system's kernel, making it possible to make changes to highly sensitive parts of the operating system.
http://www.theregister.co.uk/2010/01/19/microsoft_escalation_bug/
I'm sure, if these security researchers spend long enough, they will find minute bugs practically anywhere. Doesn't mean anyone's going to try to expliot them.
But it also doesn't mean that someone won't.
Just a note. This is for privilege escalation not remote exploitation.
It's also not in 64-bit windows. Yay!
I had some problem about a year ago when some old software we ran would not work anymore because of... copy protection using 16-bit ASM code which Windows did not emulate correctly :(