Over at the eEye research site you can read a worrying and little confusing advisory (how can something be a local privilege escalation and a remote code execution attack at the same time?). I’m eagerly awaiting more details about this. In the mean time, don’t forget to subscribe to their Zero-Day tracker.

Update: I don’t know if this is the same, but SANS pointed me to this Microsoft advisory: MS06-075 – Vulnerability in Windows Could Allow Elevation of Privilege.

Update to the update: maybe it isn’t the same because SANS points out that this was patched in the last round of updates and the eEye advisory refers to something unpatched.