You can now publish win32 binaries to the Windows Store, which run in a virtualized environment. They get the same rights as normal win32 exes because they _are_ exes.
I'm still confused. Why are they run in a virtualized environment then? Can a Windows Store win32 app change system display gamma settings? Monitor all network traffic?
From what I've seen, most of the virtualization that remains is filesystem/registry virtualization, primarily with the goal to insure clean install/uninstall. Security is handled in most of the usual Win32 manners (user token privileges, UAC, et al).
From your examples, I believe gamma settings would be accessible, but every tool I've seen that reliably monitors all network traffic uses a kernel-level driver and I don't think you can install kernel-level drivers from the Store right now.