This vulnerability seems to be in win32k.sys. The UI side of NT is something I know less about than other pieces, however, my understanding is that a lot of user32.dll in an NT-based system is simply trapping into win32k.sys. Similar to the fact that most stuff in ntdll is just a syscall stub.
I respect the NT kernel but it has visible warts. I will give you that they are not always the same warts as what people complain about on HN.