How does Windows protect transition into kernel mode?

Question

How does Windows protect against a user-mode thread from arbitrarily transitioning the CPU to kernel-mode?

I understand these things are true:

1. User-mode th

Answer 1

Code running in User Mode (Ring 3) can't arbitrarily change to Kernel Mode (Ring 0). It can only do so using special routes -- jump gates, interrupts, and sysenter vectors. These routes are highly protected and input is scrubbed so that bad data can't (shouldn't) cause bad behavior.

All of this is set up by the kernel, usually on startup. It can only be configured in Kernel Mode so User-Mode code can't modify it.