
>It’s been a known “problem” forever

It's a known problem forever because there's literally no solution. You can very well patch lsass.exe to add a backdoor, for instance.



Yeah, if the attacker has the right to replace arbitrary system executables, we're not really talking about privilege escalation any more. The solution is not to give people root access to your machine.

Not sure what the "don't have USB ports" aside was about: plugging in arbitrary USB peripherals shouldn't give you that kind of access, though they certainly are an attack vector.


USB has been a classic attack vector for local attacks forever. I have used them on red team social engineering engagements for a long time. A few innocuous auto run USBs thrown into a few machines will be all you would need to compromise an internal network easily. The point is you can harden physical security and a big part of that is disabling USB (physically if possible).


>A few innocuous auto run USBs

Autoruns have been disabled for USBs since Windows XP SP3.


True. We tend to use things like inline keystroke loggers on keyboards these days for social engineering gigs. You can also just convince people to run your stuff by giving it intriguing names (e.g. Q4 layoffs). Excel sheet, exe... etc :)


My favourite has always been to steal the password hash of the user from the lockscreen using a Bash Bunny, I'm still amazed that it actually works.



