I still stand by it being rock solid, most of the XP vulns allowed a user to take control of your computer. With UAC locking every important thing down, I seriously doubt this will be an issue.
I still think UAC isn't going to do shit for security but will be annoying for power users.
1.) You have two kinds of Windows users: "Windows Haves" and "Windows Have-Nots".
2.) The "Windows Haves" will know when they're doing something right and don't need to be burdened by UAC.
3.) The "Windows Have-Nots" will not know when they're doing something wrong.
4.) When a "Windows Have-Not" attempts to install a program, they'll be blocked by UAC.
5.) Their local guru will either just tell them "it's okay, ignore that box", or "Here's your administrator password."
6.) Local gurus will get pissed off that the user never writes down the administrator password, so the next time he's fixing the luser's computer, he'll upgrade the luser's account to "Limited Administrator."
7.) After calling the guru a few times, the luser will get frustrated and will start clicking through UAC without reading it.
8.) Security is gone.
The only thing about UAC is that if a luser gets a virus or trojan or something because of it, he can be blamed and not Microsoft, because the luser didn't take the time to read the UAC box.