There is no setting / option to change the look / behaviour of the CP (Credential Provider) UI in 5.2.9 back to the look of the 5.2.3 CP.
However, with 5.2.9, the CP does not require the "require logon to EE" policy / setting and the SSO "attempt automatic Windows logon" policy / setting to achieve SSO at first logon - so if this is the desired / sufficient behaviour, turning off "require logon to EE" will mean you will still get SSO at first logon and not be shown the window for EE logon at subsequent logon / unlocks (ofcourse you will not get SSO on subsequent logon / unlocks - but then it could be argued, as you have to 'do' a logon, it might as well be directly to Windows instead of EEPC).
With the 5.2.3 CP, 'logon' to EEPC uses the Winlogon UI, but logon to Windows (if SSO is not configured / captured or fails) uses a custom EEPC frame window. With the 5.2.9 this has been 'swapped around' - the logon to EEPC uses the custom EEPC frame window, and the logon to Windows (if required) uses the Winlogon UI. This is similar to the user experience with Windows XP and the GINA.
Sorry - that wasn't correct - it's the "require re-logon to Endpoint Encryption" policy / setting that determines if you will be shown the EEPC logon window at subsequent logon / unlocks.