Microsoft Security Advisory MS01-008 - A flaw in the NTLM Security Support Provider (NTLMSSP) service allows a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. Microsoft FAQ on this issue available here.
fd372dce83d40400b88e4302defae7822e466e7f14d6a75ba1e1441d17864a81