Last fall, security researchers discovered a security flaw that used the Windows messaging system to request privileged applications to run malicious code. The original discoverer of this type of attack dubbed it "shatter."

When informed of the flaw last fall, Microsoft insisted that because the attacker would need physical access to the PC, it was not a flaw at all. Microsoft maintains a position that if someone has physical access to your PC, you have already lost: no amount of proper coding and security precautions can stop someone with physical access and time on their hands.

Eventually they patched it anyway. Now, researchers are pointing out that Microsoft only patched the instance of the flaw for one specific process, while leaving the root vulnerability and other applications open to attack. They state that this is not a single vulnerability, but a class of attack that many processes and applications are vulnerable to.

For more information you can read this News.com article.

[EDIT] Had to fix spelling errors [/EDIT]