Most of this article is about privileged processes incorrectly loading shared libraries.
So i understand that a normal program may have code (for example DLL loading code) which runs with elevated privileges.
Mentioned a little after that sentence:
These privileged components generally take two forms:
- Installed services
- Scheduled tasks
When an application is installed on a Windows system, multiple executables may be installed. Some of these executables may be configured to run as part of a system service (akin to a *nix daemon) or scheduled task (similar to a cron job). Both system services and scheduled tasks may run with privileges separate from those of the currently logged on user.
Scheduled tasks are similar to services in many aspects - they may require a static set of privileges, and may need to be run even when there is no currently logged in user. They just have the added requirement that they should be run at certain times or when certain events occur.
But you can’t have part of a process have more privileges than another part of that same process.