Security vendor Sophos reported last week that Microsoft's Vista is vulnerable to at least three pieces of widespread malware, two of which date back to 2004. At least three well-known internet worms - labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos - are able to execute on the operating system, according to Sophos.
However, because these attacks rely on user interaction to execute the code, Microsoft has denied this is a flaw. Microsoft said these attacks rely on social-engineering techniques to be successful.
It's really tough to stop malware when it's the user who's executing the code. ;)