I tend to think that this is exploit code, written into the Windows driver, that depends on the access available when the driver is loaded by Windows. So, while a malicious driver could open an exploit vector on the system, it is due to the handling of the driver by the insecure system itself. So in that sense, MS is correct.
Maybe I'm not explaining this clearly enough. It has to do with the design of open systems (versus closed systems... for the young'uns amongst us, read that as 'open vs. proprietary'... that's close enough). So while it may not be an issue with the MS code itself, it needs to be acknowledged by someone. It's similar to a hardware keylogger; the PS/2 ports and bus can't do much about that attack.
