I don’t think “only invoke MSI signed executables” inspires confidence either. There ought to be an MSI-signed executable that launches arbitrary executables by design and defeats the mitigation.
The author got around a similar mitigation in their exploit for ASUS DriverHub (linked in the original article).
Oh right, yes, either that, or one of them is bound to have a DLL hijack issue that can be taken advantage of.