Vista’s UAC (User Account Control) which Microsoft said would the bread and butter of their new security features can easily be rendered useless. Pcworld has this article(printable version) that has more information.
The rundown is that a seedy malware writer can do some crafty scripting and add a dll file to the hard drive, then when the malware attempts to run Vista will run the UAC and change warning dialog to a dialog which signifies that this is part of the operating system itself and inherently safe. By this time the user is already accustom to clicking confirm and automatically clicks and poof magically infected system.
Microsoft responded with this “They did not see it as an issue,”. Therefore nothing is being done about this.