An odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn t be exploitable because at one point in the process the system will generate an MD5 hash of a DLL that s to be loaded, and unless the attacker can replace that DLL with a malicious one that sports the same hash, an attack is impossible. The weirdness in Windows 7 and Windows Server 2008 was identified by Cesar Cerrudo of IOActive.
Source: https://threatpost.com/elevating-privileges-windows-installers-011812/76111/