Thanks for clarifying. With drivers they get around that by using vulnerable drivers, but this isn't regular kernel mode code execution, and MS will probably revoke certs for future vulnerable trustlets? (Or not, since that can cause outages). Sounds like a whole new area of research.