We shall have to agree to disagree.
Not that I don't think that the quote from the article you reference is correct, but as close to 100% of critical vulnerabilities affecting Windows would never be exploited, and could never be exploited, were it not for direct user action.
Learning how to safely interact with cyberspace is not rocket science, and those who don't do so get infections of various sorts on a regular basis.
The user is the first and primary line of defense. That many just don't, can't, or won't recognize this creates a virtually insurmountable problem.
Also, the frequency of needing admin privileges is directly related to exactly what one does on a regular basis on one's machine. I am endlessly updating software related to what I do for a living and, as I said previously, would lose my mind were I not able to act without anything more than UAC popping up on a regular basis. The fact that I have not had a malware or virus infection on any of my machines for several decades now and no detections and quarantining means I have to be doing something right. It's not "just dumb luck."
Brian AKA Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299
Here is a test to find out whether your mission in life is complete. If you’re alive, it isn’t.
~ Lauren Bacall