Slashdot linked to this article on eWeek, which describes a buffer-overflow vulnerability that would allow a person with physical access to your machine (enough to plug in a USB device) to get administrator access to it.
According to the article, a number of standard drivers built into Windows are known to have buffer-overflow vulnerabilities. A user who wants access to a Windows 2000 or XP machine could program a USB memory stick to pose as a device that uses one of the vulnerable drivers. This will trigger the loading of the flawed driver (as a system-level user) and open up the system for the buffer-overflow exploit.
Read the article for more about this issue and what can be done about it.