eEye wants you to know that Microsoft has eight lingering zero day vulnerabilities, including one they say has been exposed for 420 days…

The following entries are active zero-day vulnerabilities. They have been publicly disclosed and/or used in attacks, and do not have any published vendor-supplied patch.

No vendor patch…but eEye will sell you some software that will “fix” things. The site is actually an advertisement for eEye products, so it’s interesting to see them alerting people to a low risk vuln that is over a year old, while still calling it “zero day”. Usually people talk about protecting you from tomorrow’s risks, rather than the ones you know of and probably aren’t planning to do anything about. On the other hand, maybe someone will find a way to increase damage or expand the risk of Microsoft’s memory exhaustion flaw.