The kernel itself was exploited to gain priv escalation of a process. From there you can patch memory, create new processes, etc. The shell does have LocalSystem privileges however the main part of the exploit is coming from kernel. A hypervisor exploit is not needed for creating HEN like...