Some info about the Apple Remote Desktop flaw
This is my best understanding of the situation:
This flaw will affect you whether you have ARD on or off, since the flaw actually exploits the fact that ARDAgent.app has the SetUID bit on. Basically it executes stuff as root user without requiring the admin password. So assuming your corporate Mac network doesn't use this for administration, you can just unset the SetUID bit.
> cd /System/Library/CoreServices/RemoteManagement
> chmod u-s ARDAgent.app
Job done.
For the record, have a Macbook Pro 15.4" with Leopard AND Vista 64-bit Business. Enjoy your flaming everyone.