So basically this is yet another case of "we don't understand ACLs", this time from nVidia, eh? And here I was, hoping this kind of stuff was... well, stuff of the decade past.
Okay, so, what can all those folks with ancient nVidia cards, who are mortally afraid of updating their drivers lest the whole shebang crash and burn, do about this? I've got some people I know who are still using stuff like the geforce 7900 or what not. So the flaw is in the NVSvc service? Can that be just disabled to prevent exploiting the vulnerability? I don't even have an nVidia card on any of my rigs, so I can't well test if those cards can live without that service.--
Limited User Accounts.
Software Restriction Policies.