
To understand this, you need to go back to the original release of Windows NT 3.1 in 1993.

Most of the GUI was implemented in user mode. But again, this is 1993, and NT's most popular platform is the x86.

Windows NT 3.5 was code-named "Daytona," and the primary goal of that release was to improve performance.

One way that was achieved was to take the window manager and graphics subsystem, combine them into a device driver (win32k.sys), and run them in kernel mode.

It's not precisely accurate to say that "the kernel" does all of these things, but rather the device driver that contains the window manager performs those operations from within kernel mode.

Over time, Microsoft has been gradually moving some components back into user mode for security and stability reasons; however, win32k.sys continues to exist and is frequently the culprit when it comes to Windows security vulnerabilities.


