Matthew Conover, a security researcher over at Symantec, has published a new paper on the “Analysis of the Windows Vista Security Model“. His paper provides an in-depth technical assessment of the security improvements implemented in Windows Vista, focusing primarily on the areas of User Account Protection and User Interface Privilege Isolation. The paper discusses these features and touches on several of their shortcomings as viewed by Symantec. It then demonstrates how it is possible to combine these attacks to gain full control over the machine from low integrity, low privilege process.
Similar to their last paper on the Vista attack surface, they seem to continue to reference older builds and offer opinions on pieces that are still being tweaked. With that said however, I found that this paper does offer some insight and critical thinking about privilege elevation in Vista. You might be interested in checking it out.
[Dana Epp's ramblings at the Sanctuary]