This was like taking candy from a baby.
Not exactly - finding an exploit like that
requires a fairly decent understanding of not only Windows internals, but also above-average knowledge of CPU detail (and that's above-average for assembly
programmers, mind you). There's automated tools that can find "areas of interest" for a number of exploit types, which can then be further analyzed by a security researcher (or malware writer) - this NTVDM exploit is something extraordinaire.
And while it might not be in the wild yet, you can be pretty sure it's already added to blackhat toolset, and will be added to drive-by rootkits any time now - with good reason. It's even worse than the linux kernel 2.4->2.6 privilege escalation exploit
(which was bad enough - iirc that was around 8 years of kernel revisions, and multiple architectures).
Privilege escalation might not be as sexy as remote holes, but it's a dangerous addition once a hole is found... and when you get not only admin but can go kernel-mode "silently", and it can target such a large installation base - ouch!