Tavis Ormandy, a security researcher a Google , discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernal and possibly install malware.

Given that all modern versions of Windows still feature the Virtual DOS Machine, this is a vulnerability that still exists today.

Ormandy wrote:

"All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to the following actively supported versions:

Microsoft will release an update for this  February 9th that will fix five vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it. Yet another good reason to have automatic updates enabled on your PC if you don't already!