Thanks! I had no idea it was already being used in the wild. It's a good case study for why shipping signed drivers with exposed IOCTLs and weak authentication is such a liability, even if (especially if) the developer never bothers to even load them.

This is unfortunate news but I'm not even surprised that they don't seem to care. Nice writeup.