Opening position

RedSun describes a defect in Windows Defender's remediation pipeline where the act of cleaning a detected file became a primitive for arbitrary writes into protected system locations. The component that exists to remove malicious content was the component that delivered it. The defender became the delivery mechanism.

This is not a detection failure. Detection worked. The malicious content was identified, classified, and routed for action. The failure occurred after detection, inside the trusted remediation path that runs at a higher privilege level than the process being defended against. The control that fired produced the outcome the control was meant to prevent.

Treat this as a boundary failure inside a privileged service. The exposure is not theoretical malware evasion. The exposure is that an enforcement component held write capability into locations the original threat could not reach on its own. Whatever the threat could influence, the remediation path could escalate.…