I've been working on the publication of a Windows Vista exploit that targets User Account Control (UAC), the part of Windows Vista that prompts users to explicitly grant administrative approval whenever a privileged operation takes place. Once I finish my whitepaper and proof-of-concept code for it, I'll submit it to Microsoft and give them a week before I publically disclose it to Bugtraq. Why am I giving them only a week to respond to it? Because in Microsoft's mind, it doesn't seem to be a "security"...