Yes, but they have to trick you into voluntarily installing the software and typing in your administrative password, don’t they? No one with any knowledge of security would do such a thing.
OF course - that is, and always has been, the weak point of computers: Users.
Long before “administrator passwords”, computer users were downloading pirated software and music, pron, and other commonly identified sources of infection... all with the well-documented danger. So it isn’t really much of a step for folks to blindly type in passwords to every box that pops up...
That being said - There are viruses/malware for Windows that STILL can infect/cause trouble without ever seeing a warning or opportunity to NOT give permission.