UAC is not a security boundary and has inherent limitations as well as good number of known and unpatched exploits. We recommend configuring your users‘ accounts to run as standard users or using a Privilege Management solution. If that is not possible, UAG Guard may be of help.

UAC Guard is a research project that aims to prevent all known forms of code injections and - ehm - Local Privilege Elevation. The default policy protects all Windows inbox executables from sideloading non-Windows DLLs. A Windows binary, in this context, is a signed file whose certificate contains specific Enhanced Key Usage values.