Via Wikipedia:

One significant difference from previous versions of Windows NT is that the Graphics Device Interface (GDI) is moved into kernel mode rather than being in user mode in the CSRSS process. This eliminated a process-to-process context switch in calling GDI functions, resulting in a significant performance improvement over Windows NT 3.51, particularly in the graphical user interface. This, however, also mandated that graphics and printer drivers had to run in kernel mode as well, resulting in potential stability issues.

It has been my longest-standing gripe in cyber security–I probably first started complaining about this in discussion forums as early as 2003. LogoFAIL pretty much demonstrates my point.