Good question. Every time there's a font vulnerability, it gets asked, and for good reason. I like this answer the best: http://seenonslash.com/node/3658
Interesting quote on their mindset at the time: "Due to the modular design of Windows NT moving Window Manager and GDI to kernel mode will make no difference to the security subsystem or to the overall security of the operating system this will also have no effect on the C2 or E3 security certification evaluation, other than making it easier to document the internal architecture of Windows NT."
