OK, 7-digit ID or not, are you really so new here you think that Slashdot summaries (or even articles) are an always-accurate representation of the world? Out here in the real world, where I've been working in information security longer than you've been on this site (and nearly as long as I have, actually), we understand the difference between "the attacker needs to physically or remotely accessing the machine" and "the attacker needs to have code executing on the machine". It's a very important difference. The fact that the summary implies direct access is required is stupid, but the fact that you (and, apparently, a significant number of other people) took that implication as fact says much more about you all than it does about the exploit.
Try reading the actual exploit writeup rather than dumbed-down ThreatPost article, and you'll see that no such claim is made. There's not a single step of the process that requires the level of access you'd need to approve a UAC prompt. Hell, even in the ThreatPost article, it doesn't say (or even imply) anything about physical access.
“This is a post-exploitation technique, so an attacker would need to already be on the system.”
You can do this exploit if you get non-elevated arbitrary code execution (via remote compromise, or Trojan download, or anything else of that sort) in the account of a member of the Administrators group. You cannot click "Allow" via non-elevated code execution; UAC is very carefully designed to not allow non-elevated code to approve its prompts.
Please don't run your mouth when you don't know what you're talking about. This exploit, and the UAC default in Win7+, are both stupid enough already; you don't have to turn it into a three-way race. Think first, then post!