Everything I have seen (from multiple vendors) would indicate that you have to already have administrative credentials on a machine to be able to exploit this vulnerability. That limits the effectiveness of any potential attack. Also, vendors that use mini filter drivers as opposed to kernel hooking would not be affected by this type of attack.
However, my larger concern is that there is still the possibility of someone being an administrator on their machine and receiving an email that links to a website that exploits the vulnerability and bypasses or effectively "turns off" A/V for other attacks to take place. To me, that's where the risk seems to be.