
Windows beats Unix variants by at least 10:1 on local privilege escalation bugs.



Not sure about that, but...

1. If we're talking about desktop systems, privesc is trivial in either OS. In Linux you can do a million things to privesc, such as snooping passwords via X11, modifying the various user files like ~/.bashrc with aliases, etc. On Windows UAC isn't even intended to be a barrier.

2. If we're talking about servers, I'm not sure that Windows is 10:1 worse on privescs.


I'd say the main intention of UAC is to make sudo but without obvious vulnerabilities. The UAC dialog is wired deep into the system and you can't fake it. It takes priority over any UI stuff and won't accept input from a program you didn't specifically authorize (which requires accepting a UAC prompt).

On the flipside, all it takes to manipulate sudo on Unix systems is to write a TTY emulator that just middlewares between the user and sudo. Then just alias via bashrc or any number of other places that can prompt for a user password. There is no protection sudo can deploy against that. Polkit helps a bit but X11 isn't great at helping there either since other programs can just send keystrokes.
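
Added example, not part of any comment in this thread: a defender-side audit for the shell-rc interposition described in the comment above. It flags aliases and functions named after a credential-prompting command, plus PATH prepends as a low-confidence item to review. The guarded-command list, the name `audit_rc` and the sample file are assumptions constructed for illustration.

```python
import re

# Commands that ask for a credential; this list is an assumption for the example.
GUARDED = ("sudo", "su", "pkexec")
NAMES = "|".join(GUARDED)

# alias sudo='...'  (also as a later word: alias ll='ls -l' sudo=...)
ALIAS_RE = re.compile(rf"^\s*alias\s.*?(?<![\w./-])({NAMES})=")
# sudo() { ... }  or  function sudo { ... }
FUNC_RE = re.compile(rf"^\s*(?:function\s+({NAMES})\b|({NAMES})\s*\(\s*\))")
# PATH=<dir>:$PATH puts <dir> ahead of the system directories, so a file
# named sudo in <dir> would be found first. Common and often benign: review it.
PATH_RE = re.compile(
    r"^\s*(?:export\s+)?PATH=[\"']?(?!\$\{?PATH\b)([^:\"'\s]+):.*\$\{?PATH\b")


def audit_rc(text, source="<rc>"):
    """Return (source, line_no, kind, detail) for lines that can shadow a guarded command."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0]  # drop trailing comments (naive: ignores quoting)
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = ALIAS_RE.search(line)
        if m:
            findings.append((source, no, "alias", m.group(1)))
        m = FUNC_RE.search(line)
        if m:
            findings.append((source, no, "function", m.group(1) or m.group(2)))
        m = PATH_RE.search(line)
        if m:
            findings.append((source, no, "path-prepend", m.group(1)))
    return findings


# Constructed sample of a ~/.bashrc, not taken from a real system.
SAMPLE_BASHRC = """\
# ~/.bashrc
alias ll='ls -l'
alias grep='grep --color=auto' sudo='/home/u/.cache/wrap'
export PATH="$HOME/.local/bin:$PATH"
# alias sudo=commented-out
function pkexec { /home/u/x "$@"; }
su() { /home/u/y "$@"; }
export EDITOR=vim
"""

if __name__ == "__main__":
    for finding in audit_rc(SAMPLE_BASHRC, "~/.bashrc"):
        print("%s:%d %s %s" % finding)
```

The check only covers text the shell reads at startup, so it says nothing about the X11 keystroke issue raised in the same comment.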


I'm just saying that Microsoft has stated that UAC is not intended to be a privilege boundary.


It is a clear privilege boundary, just not a barrier. Beyond UAC is Admin, before UAC is non-Admin. Crossing that divide requires a user interaction. UAC can be a barrier if it would display more about the program's intention. Similarly, sudo could be improved the same way.


No, that's not correct. The reason it's not a barrier and not a boundary is because there are universal bypasses.


Hurdle? I feel like we're getting off topic =]


Where is the statistic proving that?

CVE database is pretty much alike.



