The potential for a Shatter attack is still present in Vista, even though you'd think it was no longer possible.
A lower-privilege process can still enumerate the windows running in a session, get a handle to one of them and send it Windows messages, such as WM_KEYDOWN, even when that window belongs to a higher-privilege process.
So a low-privilege process could search all the windows, find, say, a CMD prompt running as administrator, then send a bunch of keystrokes to it to execute an elevated command.
That's a big hole.
Link to invisiblethings' blog: Running Vista Every Day!