Yes, it is possible. Ruben Santamarta from ReverseMode.com has released an exploit (in form of a kartoffel plugin) to run code through a vulnerable signed driver in Speedfan (www.almico.com/speedfan.php).
Spanish readers can check this funny blog entry for further information: http://blog.48bits.com/?p=169
Attached to this post is Kartoffel and the exploit.
Cheers.
Vulnerable code in speedfan.sys
Code:
Code (asm)
cmp dword ptr [rdx+8], 8 ; Ouputbuffer size
jb short loc_11171
cmp dword ptr [rdx+10h],0Ch ;InputBuffer size
jb short loc_11171
mov r8d, [rsi+4] ; inputBuffer[1]
mov r9d, [rsi+8] ; InputBuffer[2]
mov rax, r8
shl rax, 20h
or rax, r9
mov rdx, rax
shr rdx, 20h
mov ecx, [rsi] ; inputBuffer[0]
wrmsr ; Chungo