With DLL injection technique and symlinks to /DEVICE it's possible to bypass kernel drive loading protection.
vulners.com/securityvulns/securityvulns:doc:4870