P.S. I am pretty dissapointed in SPI Dynamics for getting themselves some PR attention via this supposed exploit without first having reported it to MS. That is not the best behavior, for a responsible company. I like those guys, they do good work and are decent folk (yes, I've met some of them), but that seems like pretty irresponsible behavior.