"Consider a typical Windows x86 or AMD64 architecture, the memory is divided in executable sections that cannot be written to and data sections that can be written to but cannot be executed (think DEP)."
"JIT compiles methods in-memory, does (generally) not store anything to disk, instead moves it around where the next instruction pointer can reach it, changes the current instruction pointer (pointing to the JIT) to point to the newly generated code and then executes it."
These two paragraphs, while a bit over-simplified, are what I basically understand of JIT and Windows' memory model. I also know that when I try to copy some executable code in memory by hand and try to execute it, I will generally be unable to do it (unless with DLL injection).
How did the JIT-designers overcome this hurdle? Do they use a ring-0 driver or is everything done in user mode?
It is simply done with the Windows VirtualProtect() API function. It changes the virtual memory page attributes. From PAGE_READWRITE so the JIT compiler can write the machine code to PAGE_EXECUTE_READ so it can be executed. No special privileges are required to do so since the page is owned by the process that also runs the JIT compiler.