This trick has been around for years, and was long assumed fixed. Surprisingly, while recently investigating a related issue, we discovered this one is still going strong in Windows 7 and 8 (along with Vista, where it originated).
In what has become known as the "Utilman Trick," if you are able to physically access a system and boot from a Windows install or recovery disk, you can quickly change a file, reboot into the original Windows install, and with a few clicks change the password of any account. You can also create new accounts and perform all manner of administrative tasks.
While BitLocker or physically denying access to the system will obviously solve this, it's shocking that this continues to exist.
The details and the simple process are well documented here at Technibble, among hundreds of other places.
Here it is in a nutshell:
1. Recovery Boot
cd windows\system32
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
2. Normal boot
net user administrator newpassword
Yes, really!
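To check a machine for the swap described above, the following added example (not part of the original post) inspects a System32 directory, either on a live system or in a mounted disk image, for a utilman.exe that is byte-identical to cmd.exe and for the leftover utilman.exe.bak. The finding labels and the build_sample helper are hypothetical names, and the sample files are constructed placeholders.

```python
import hashlib
import os
import tempfile

# Finding labels are hypothetical names chosen for this example.
TARGET, SHELL, BACKUP = "utilman.exe", "cmd.exe", "utilman.exe.bak"


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_utilman(system32):
    """Return findings for one System32 directory (live system or mounted image)."""
    # NTFS names are case-insensitive (the file ships as Utilman.exe), but a
    # mounted image on another OS may not be, so index entries in lower case.
    names = {name.lower(): os.path.join(system32, name) for name in os.listdir(system32)}
    findings = []
    if BACKUP in names:
        findings.append("backup-present")      # leftover from the rename step
    if TARGET not in names:
        findings.append("utilman-missing")
    elif SHELL in names and sha256_of(names[TARGET]) == sha256_of(names[SHELL]):
        findings.append("utilman-is-cmd")      # byte-identical to the shell
    return findings


def build_sample(root, swapped):
    """Create a constructed System32 stand-in; file contents are placeholders."""
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "cmd.exe"), "wb") as handle:
        handle.write(b"constructed cmd bytes")
    with open(os.path.join(root, "Utilman.exe"), "wb") as handle:
        handle.write(b"constructed cmd bytes" if swapped else b"constructed utilman bytes")
    if swapped:
        with open(os.path.join(root, "utilman.exe.bak"), "wb") as handle:
            handle.write(b"constructed utilman bytes")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, swapped in (("clean", False), ("swapped", True)):
            path = build_sample(os.path.join(tmp, label), swapped)
            print(label, check_utilman(path))
```

A hash match only catches an exact copy of the cmd.exe in the same directory; comparing utilman.exe against a known-good hash for the installed Windows build also covers other replacements.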