UAC itself is brilliant, wonderful, fantastic, will protect lots of people, etc...
What the article actually highlights at the end of the day is not an issue with UAC - it's with IE's Protected Mode. In order to install an add-on, IE needs to run outside of a low-privilege process and so a new instance is started. The problem is that a normal user will continue to use that window to carry on surfing, during which time they'll lose the benefit of Protected Mode.
A malicious site could potentially be crafted to take advantage of that - cause elevation once for something innocuous, then take advantage of continued navigation at an elevated level to attempt to compromise a machine.
Sorry, bro. All wrong. A new instance of iexplore is not started when we need to elevate. We have a medium integrity broker process and a high integrity broker process to handle actions that cannot work in Protected Mode IE. Only those few actions have elevated rights, the rest of your browsing is still protected.
Causing elevation once and then attempting evil actions in subsequent navigations will do nothing.
There's a medium rights version of iexplore that runs when you are in zones that have protected mode disabled. But that has the same rules as regular zones: you leave the zone, you also leave that medium rights process or the navigation fails.