I played with window objects in my fuzzing infrastructure and found a cool bug type: creating multiple threads, then accessing and destroying windows and threads while the windows are being accessed and during the callbacks of window object functions. My fuzzer accessed and released the window object of thread 1 from thread 2, or destroyed the window object of thread 2 from thread 3, etc.
I found a stack overflow bug in the Windows kernel that causes the operating system to crash. There is a race in win32k!xxxMoveWindow: if you pass messages between two threads until the stack capacity is at its max, then close one of the threads, it will cause a WM_NCCALCSIZE to be written to the kernel stack of the other thread. This will cause a stack overflow in the kernel.