"You can restrict what users are allowed to do from the desktop and what they are allowed to configure using Control Panel." - http://technet.microsoft.com/en-us/library/cc751094.aspx
They can't just "fix" that short of forcing full disk encryption.
I wasn't referring to using a boot disk to reset a password. As far as I'm concerned that's a feature not a vulnerability, and it's a feature Windows makes unnecessarily hard to access.
You are, however, technically correct, but finding arbitrary code execution vulnerabilities in the "GUI" these days is not a trivial task. And if you've done that, you can do anything you want to the system.
As Raymond Chen (Windows API developer) would say, "that would involve being on the other side of this airtight hatchway".
Even if you ran the actual GUI as some special user, that GUI would still have to be able to do a bunch of powerful things using SYSTEM level services, so any exploit would be equally as powerful if it went after the SYSTEM login GUI or the login service.
What you're suggesting would be meaningful feel-good security with no actual teeth. Attackers would just use the boot disk to alter a different file or process.
Unless the HD is encrypted of course, but that is not what this article and password is about.
However, encryption makes things quite a bit harder.
It can also be mitigated by requiring not just the TPM chip, but also a PIN, PASSCODE, or a PASSCODE that is cycled every 60 seconds or so (on something like an RSA fob).
This presumes the system has a TPM chip, or a similar mechanism that can provide an original point for a trusted boot.
Under-estimating the ability of the attacker is a mistake, no?
Full-disk encryption sure is a nice thing to have, even if it isn't bulletproof.
Interesting demos start at about 20 minutes in.