This Metasploit module abuses the Capcom.sys kernel driver's function that allows for an arbitrary function to be executed in the kernel from user land. This function purposely disables SMEP prior to invoking a function given by the caller. This has been tested on Windows 7 x64.
1cee469e5e571383c0f9e5e97edee2bf63d77321f66855763160c9ef70f4275d