Who could possibly gain
from this?
“Don't create undocumented features” should be tattooed in the corner of every developer's eye: there's one in the Microsoft Application Verifier Provider that provides attack vectors on everything Windows since XP. Cybellum, which discovered the feature, has focussed on attacking anti-virus first, but says its DoubleAgent …
You've been able to configure DLLs to be autoinjected for *ages* and *ages* and *ages*. It might not be important because writing to the relevant part of the registry requires (or should require) elevated privileges, but is it *hard* to get those privileges? "Oh, look, another UAC prompt stopping me looking at this porn. Where's the OK button?"