User Interface Privilege Isolation
User Interface Privilege Isolation is a technology introduced in Windows Vista and Windows Server 2008 to combat shatter attack exploits. By making use of Mandatory [Integrity Control], it prevents processes with a lower "integrity level" from sending messages to higher IL processes.
Window messages are designed to communicate user action to processes. However, they can be used to arbitrary [code execution|run arbitrary code] in the receiving process' context. This could be used by a malicious low-privilege processes to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized privilege escalation. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks.
UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security boundary.
Microsoft Office 2010 uses UIPI for its Protected View sandbox to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.