Windows 10 zero-day exploit code released online Security researcher 'SandboxEscaper' returns with new Windows LPE zero-day May 22, 2019 https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/
Seems like with these kind of exploits you could bypass UAC? That's why I'm saying that UAC is highly overrated.
For what it's worth, none of the pen tester's found vulnerabilities have ever been exploited except for this one: https://www.zdnet.com/article/recen...been-exploited-in-the-wild-for-almost-a-week/. This occurred because the person foolish posted the exploit code on GitHub.
Windows 10 zero-day details published on GitHub SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and Server 2019 June 7, 2019 https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/