In its record-equalling Patch Tuesday yesterday, Microsoft issued a patch for a flaw present in every security product in its consumer and enterprise lines, including software either bundled with, or able to run on, Vista.

Although 20 patches were issued – 11 listed as "critical" – the update that has analysts frothing at the mouth, according to Computerworld, is MS07-010, which patches a critical bug in the malware scanning engine used by Windows OneCare, Defender, Forefront and Antigen.
Because the scanning engine improperly parses PDF files, attackers can deliver malformed PDFs to PCs, via e-mail for example, and take control of the machine without any interaction from the user; the file only needs to be scanned.
Microsoft says the bug hasn't been exploited by hackers yet, but Computerworld quotes Amol Sarwate, manager of Qualys' vulnerability lab, as saying this is irrelevant.
"MS07-010 is the most critical of the bulletins. The flaw in the core protection engine of several Microsoft [security] products can be used to execute attack code on a machine without any user interaction. And this [is the software] which is supposed to protect your desktops and servers from attack," Sarwate is quoted as saying.
Computerworld says that others agree with Sarwate: Symantec rates the patch 10/10 on its urgency scale, and nCircle Network Security's Minoo Hamilton states that it is not only a critical fix but an embarrassment for Microsoft.
"There have been so many vulnerabilities having to do with parsing files that this is exactly the kind of thing that you would have expected Microsoft to catch," Hamilton says. "They'll have to put more effort into securing their security software, because this is embarrassing."