The exploit has been well documented for some time, but regular users might be surprised at just how easy it is to compromise a machine you have brief access to. An article published by Carnal0wnage describes replacing "Sticky Keys" on the Windows 7 login screen with the "command line" executable, which essentially could let a user make all hell break loose.
It's as simple as briefly gaining access to an elevated command prompt on a workstation and typing the following code:
....
Additionally, if the hack is in place, it's possible to perform a similar hack via an RDP session. Once in place, it is virtually undetectable aside from the registry key. Essentially, the above code sets the debugger for Sticky Keys to the executable file for the command line applet, which is run at the system level when the machine is locked.
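The registry key mentioned above is a Debugger value under Image File Execution Options (IFEO). As an added example (not code from the article or from Carnal0wnage), this read-only PowerShell audit lists every such value and flags the programs that can be started from the logon screen. The function name `Get-IfeoDebugger` and the image names other than Sticky Keys (`sethc.exe`) are assumptions of this example.

```powershell
# Added example (not from the article): list IFEO "Debugger" values, the
# registry artifact this technique leaves behind. Read-only; changes nothing.

# Native and 32-bit views of Image File Execution Options.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Assumption: programs reachable from the logon screen. The article names only
# Sticky Keys (sethc.exe); the others are added here for coverage.
$logonScreen = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe',
               'narrator.exe', 'displayswitch.exe'

function Get-IfeoDebugger {
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrEmpty($debugger)) { continue }
            New-Object PSObject -Property @{
                Image       = $key.PSChildName
                Debugger    = $debugger
                LogonScreen = ($logonScreen -contains $key.PSChildName)  # case-insensitive
                Key         = $key.Name
            }
        }
    }
}

$findings = @(Get-IfeoDebugger -Root $roots)
if ($findings.Count -eq 0) {
    Write-Output 'No IFEO Debugger values found.'
} else {
    # Logon-screen images first: those are the ones launched while locked.
    $findings | Sort-Object -Property LogonScreen -Descending |
        Select-Object Image, Debugger, LogonScreen, Key |
        Format-Table -AutoSize -Wrap
}
```

Developer tooling can legitimately set a Debugger value for an image, so rows with `LogonScreen` false need review against what is installed rather than automatic removal.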
Meh - anything that can escalate to admin can do anything on a box. Yet another reason to NOT log on with an admin account on a regular basis, and only use it for admin tasks. Any environment that wishes to be secure probably does this already (plus not allowing registry editing outside of a small admin group and certain service accounts as well), but yes - once you make someone an admin, the control of that box belongs to the person using it, and whatever they may happen to run on it. "Exploits" like this go all the way back to the beginning of NT (using at.exe to get a system-level cmd prompt, for instance).