First off, if you haven't yet read skywing's brilliant paper about PatchGuard 3 in the latest Uninformed, check it out. Btw, his blog (http://www.nynaeve.net) is another jewel.
So, talking about Vista: recently I came across a nice freeware program called Speedfan that lets you control some thermal capabilities of your hardware. It ships a signed driver for Vista x64, so... well, you know...
There is a big flaw, as you can see below (deja vu: see Joanna's IsGameOver() NVIDIA nTune driver vulnerability). The handler for this IOCTL only checks the buffer lengths, then feeds the user-supplied MSR index and value straight to wrmsr:
IOCTL : 0x9c40243C
cmp dword ptr [rdx+8], 8        ; OutputBufferLength >= 8 ?  (rdx presumably = IO_STACK_LOCATION)
jb short loc_11171
cmp dword ptr [rdx+10h], 0Ch    ; InputBufferLength >= 12 ?  (the only validation performed)
jb short loc_11171
mov r8d, [rsi+4]                ; InputBuffer[1] -> high dword of the value
mov r9d, [rsi+8]                ; InputBuffer[2] -> low dword of the value
mov rax, r8
shl rax, 20h
or rax, r9                      ; rax = InputBuffer[1]:InputBuffer[2]
mov rdx, rax
shr rdx, 20h                    ; edx:eax = InputBuffer[1]:InputBuffer[2]
mov ecx, [rsi]                  ; InputBuffer[0] -> MSR index, fully user controlled
wrmsr                           ; no check at all on which MSR gets written
You can overwrite (or read) any MSR you want, so by hijacking LSTAR we open the kingdom's door. Therefore, this flaw allows loading unsigned drivers on Vista x64 and doing whatever misdeed your broken mind had planned.
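To make the missing check concrete, here is an added user-mode C model (not Speedfan's code, nor the kartoffel plugin) of what the handler above decodes from the input buffer, followed by the per-MSR policy a thermal-monitoring driver should apply before anything reaches wrmsr. The MSR numbers and the allowlist are assumptions for illustration; wrmsr itself is replaced by a recording stub so it runs on a host.

```c
/* Added example: models the IOCTL parsing seen in the disassembly and the
 * policy check the driver lacks. Runs entirely in user mode; wrmsr is a stub. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define MSR_IA32_THERM_STATUS 0x19CU       /* thermal status; assumed need of a fan tool */
#define MSR_LSTAR             0xC0000082U  /* SYSCALL entry; never writable from user mode */

struct msr_req { uint32_t index; uint64_t value; };

/* Decode exactly as the driver does: ecx = dw[0], edx:eax = dw[1]:dw[2].
 * The two length checks are the only validation the original code performs. */
static bool decode_msr_request(const uint8_t *in, size_t in_len, size_t out_len,
                               struct msr_req *req) {
    uint32_t dw[3];
    if (out_len < 8 || in_len < 12) return false;
    memcpy(dw, in, sizeof dw);
    req->index = dw[0];
    req->value = ((uint64_t)dw[1] << 32) | dw[2];
    return true;
}

/* Hardened policy (assumed): only the MSRs the tool legitimately needs, and
 * read-only unless explicitly listed as writable. Everything else is refused. */
enum msr_access { MSR_DENY = 0, MSR_READ = 1, MSR_WRITE = 2 };
static int msr_policy(uint32_t index) {
    switch (index) {
    case MSR_IA32_THERM_STATUS: return MSR_READ;
    default:                    return MSR_DENY;  /* LSTAR and friends land here */
    }
}

/* Write path: returns true only if the policy permits the write.
 * last_wrmsr records what would have reached the real wrmsr instruction. */
static struct msr_req last_wrmsr;
static bool handle_write_msr_ioctl(const uint8_t *in, size_t in_len, size_t out_len) {
    struct msr_req req;
    if (!decode_msr_request(in, in_len, out_len, &req)) return false;
    if (msr_policy(req.index) != MSR_WRITE) return false;  /* the missing check */
    last_wrmsr = req;  /* stand-in for wrmsr(req.index, req.value) */
    return true;
}
```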
Afaik there is no public exploit that uses the method explained in Joanna's paper (I was unable to grab purplepill, so let me know if I am wrong), so I've prepared a K-plugin for kartoffel (64-bit) that exploits this issue. However, since MSR hooking is a widely known rootkit technique, don't expect to find anything really exciting. Look out! It's intended for study and/or research purposes only, so I'm not responsible in any manner for any illegal use. Download at http://kartoffel.reversemode.com/downloads.php
I guess that sooner or later Microsoft will revoke the certificate for this buggy driver; anyway, the driver is going to be fixed quickly, maybe even today according to its author, so it's not a major problem. You can check the status of this bug at any time, since it is publicly available through the bug tracker at http://www.bugtrack.almico.com/view.php?id=987.
Btw, once the patch is out, I'll release an advisory for this issue with more technical details, so stay tuned.