"Try reading BUGTRAQ. Stefan Kanthak's "Defense in Depth" series of exploitable Windows OS and Microsoft application security bugs is now up to part 26. For elevation, all that's required is someone running one of those applications as administrator"
Administrator is already elevated. This is just the same as if you run a hostile script as root under *NIX. This is generally not an exploit.
"Pity Microsoft have done such a lousy job with the tooling, but it's usable."
You obviously are not familiar with Powershell. Like advanced *NIX shells such as PASH but much more powerful.
"The problem isn't the Windows security model. It's failures to use it correctly that are the problem."
So bugs and vulnerabilities then. Which for Microsoft Windows actually comes out much lower on counts every year for the last decade than say RedHat Linux, SUSE Linux, or Mac OS-X. Even when you feature match the Linux Distributions.