Hello guys; I just found this that says it will be fixed in SP2. Dated 24 November
Newly discovered Vista vulnerability to be fixed in SP2.
Three security researchers, Marius Wachtler, Michael Burgbacher, and Carson Hounshell recently found a vulnerability in Windows Vista (with or without SP1) that could allow an attacker to remotely take control of a PC.
Craggs and Unterleitner work for Phion AG, the security company that published details of the vulnerability. The problem, which is in the Device IO Control, affects both 32-bit and 64-bit editions of Vista (XP is unaffected). The problem can be exploited in two different ways to cause a buffer overflow that can corrupt the memory of the operating system's kernel.
The good news is in the requirements of the exploit, according to the Phion report: "To execute either the sample program or the route-add command, the user has to be member of the Network Configuration Operators group or the Administrators group." Phion notes that this diminishes the risk of a PC being exploited, though Unterleitner, the Austrian security vendor's director of endpoint security software, believes that it might be possible to produce the buffer overflow without administrative rights.
Read more at the source.
Later
Ted