Well I went through the paper and assuming the facts are correct it does seem to level some of the protections for now. Much of it seems to rely on filling memory with the exploit code repeatedly in large amounts which is a bit suspect but might be hard to catch given that there's likely many ways that could be achieved (few of which were detailed in the paper).

These technical black hat-ey things imho are less of a problem than plain ordinary trojans that you get from a trusted party. Users really shouldn't have to have any technical skills to say determine if some random app say decides to turn up your microphone gain and record everything you say in the background, or snap pics on your web cam etc etc. For example there was just a story that computer technician put a webcam spy program on the computer during the maintenance. If the web cam didn't have a light that went on and slowed the computer when it was recording the user might have not noticed this. I think that's unacceptable and solvable problem - any changes the maintenance technician did on the computer should leave a trace that can be compared to another existing trace on the Microsoft/OS provider servers to see whether unwanted behaviour was added. All points of access to input devices should be controlled through a verifiable path. Not much unlike the DRM concepts in Vista at first sight but instead of preventing user from using the computer to copy data these concepts should be used to put the user in control of the data and computer - complete opposite from DRM.