Driver Signing
Can Microsoft not revoke the signature for the driver, or would that invalidate all Gigabyte drivers?
Loadable kernel modules were always a security exploit waiting to happen. Why bother with enforcing process memory protection if you can load arbitrary code into ring 0 that can modify arbitrary memory. Sure you have to jump through a few hoops to get there, but in the end you are no more secure than MS-DOS.
Hardware vendors can't be trusted to write secure drivers, and can't be relied upon to update them when exploits are discovered.