Too Long; Didn't Read
A German student discovered a Windows exploit that takes advantage of the trusted binary ‘fodhelper.exe’, which is part of Windows. It is located in System32 and is signed by Microsoft, so when you run it, the UAC prompt is not required. The DZone article provided some Python code as an example. I edited the code to show some good examples of how this could be used maliciously. The only way to prevent this is by not having administrator accounts, which for a lot of people would be extremely inconvenient.