The Windows MessageBox exploit (also referred to as NtRaiseHardError was first released publicly on December 20, 2006. A proof-of-concept that works on Vista was released on December 31st, and verified to work by eEye Research, making it the first Vista exploit. The exploit, a vulnerability with the Client/Server Runtime Server Subsystem, allows a logged in user to have their privileges elevated to SYSTEM, and does not require user interaction (ie can be executed remotely). Microsoft is of course aware of the exploit, but no patch has yet been released. McAfee rates it as a Medium threat, as does eEye Research.