Windows Updates
Windows XP
The Universal Plug and Play (UPnP) service, which is enabled
by default in Windows XP, has a serious bug: the service can
be DoS'd on the port UPnP listens on. The bug also allows
ANY malicious user with your IP address to have FULL
control over your computer. "The attacker might
as well be sitting at your keyboard," said Scott
Culp, Manager of Microsoft's Security Response Center.
The patch to fix this is available here:
http://download.microsoft.com/download/whistler/Patch/Q315000/WXP/EN-US/Q315000_WXP_SP1_x86_ENU.exe
More information on this bug is available at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-059.asp
Windows 2000
A vulnerability exists in Microsoft IIS 5.0 (as well
as 4.0) running on Windows 2000 that allows a remote
intruder to run anything on the victim's machine, allowing
them to gain complete administrative control of the
machine. It works via the Internet Printing Protocol (IPP),
through an ISAPI extension. This extension is installed
on Windows 2000 systems by default, but is only accessible
through IIS 5.0. The attacker could cause a buffer overflow
that could lead to the compromise of the machine. Attackers
exploiting this vulnerability have already made zombies and
worms such as Code Red that use this hole to do
mischievous things, such as using YOUR machine to DoS
(Denial of Service attack) www.whitehouse.gov on a specific
date. A patch is available here:
http://download.microsoft.com/download/win2000platform/Patch/q296576/NT5/EN-US/Q296576_W2K_SP2_x86_en.EXE
More information on this vulnerability is available at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321