The previous version of UPHClean did not call the system executable using quotes. This could in some scenarios allow a local user to elevate privileges. This issue has now been addressed in the current version. Thanks to Thierry Zoller from Verizon Business for reporting this issue to us.
Updated bits (v1.6g) are being posted on the Microsoft Download Center and should be available shortly.