Ryan Naraine's blog entry on ZDNet explains the essentials of the attach that bypasses Vista's User Account Control (UAC). This is a theoretical attack at this time, but by all accounts it appears to be viable. It's worth checking out, even if you're not a security fanatic.
Everyone knew at least some of Vista's security features would be compromised eventually. Even Microsoft was under no illusions on that score. At least this one, while major, is able to be countered with patches. And I still think Vista is at the least marginally more secure than any version of Windows before it. Only time will tell if I am right or wrong.