Reputation: 13020
There's this WIN32 process, about which someone says:
The service takes a lock on the kernel object and does not release it. After a while the machine becomes unresponsive and has to be restarted. Restarting only the service won't fix the issue.
According to my knowledge, applications were not supposed to be able to crash the entire system in Windows. Does anyone know if such indecent behavior (taking a lock on the kernel object and not releasing it) can indeed crash the OS? If so, why don't we see this more in malicious software?
Some clarifications: This is not a device driver. Any ambiguity left in the response is also ambiguous to me. Please elaborate on the cases you can think of.
Upvotes: 0
Views: 297
Reputation: 180010
Depending on which precise kernel object they mean, and which service, this may very well be true. See for instance Raymond Chen on Loader Lock, a kernel lock which applications can monopolize. Restarting the service will then become a problem because the very unload of that service will require the loader lock, too.
Upvotes: 0
Reputation: 74692
This doesn't mean anything. There is no "kernel object" in NT, and any lock you could possibly take would be released if the service were restarted.
Upvotes: 2
Reputation: 755259
This depends on what type of application it is. Some applications install and use kernel drivers as part of their usage. A kernel driver has the most low level access possible in the system and is capable of crashing or hanging the system. If the process uses a kernel driver, and the description alludes to this, then yes it can crash / hang the system.
I believe Windows Vista started limiting the amount of damage a kernel driver can accidentally do (graphics drivers especially). But intentionally, you can still cause lots of problems.
Upvotes: 1