Although security software companies will tell you "they got it"... most won't. The UNAPIMON tool is no joke; saying so here is not meant to frighten anyone but rather to make everyone totally aware. Not that long ago, Microsoft dropped the ball in such an epic way, allowing its own infrastructure to be had for the taking. Thus they compromised companies and government customers globally. So, A/V creators had better be ready for this one.
https://www.bleepingcomputer.com/news/security/winntis-new-unapimon-tool-hides-malware-from-security-software/
A bit more reading for those interested.
Ransomware attacks and data breaches are a dime a dozen. Corporate America and our governments don't give a hoot either. Such lameness with our information, their lack of security while we pay the price for it each and every time. Companies take in record profits yet spend little to nothing in the area of securing their own infrastructure, training the people who work for them in OPSEC. These are just a few "recents"; the actual numbers are epically staggering in scope of what company / government agency, etc. Some companies are actually malicious as well:
https://www.bleepingcomputer.com/news/security/panera-bread-week-long-it-outage-caused-by-ransomware-attack/
https://www.bleepingcomputer.com/news/security/us-cancer-center-data-breach-exposes-info-of-827-000-patients/
https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/
https://www.bleepingcomputer.com/news/security/the-biggest-takeaways-from-recent-malware-attacks/
https://www.bleepingcomputer.com/news/security/surveylama-data-breach-exposes-info-of-44-million-users/
https://www.bleepingcomputer.com/news/security/omni-hotels-confirms-cyberattack-behind-ongoing-it-outage/
https://www.bleepingcomputer.com/news/security/us-state-department-investigates-alleged-theft-of-government-data/
https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/
https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/
https://www.bleepingcomputer.com/news/security/free-vpn-apps-on-google-play-turned-android-phones-into-proxies/
https://www.neowin.net/news/google-vpn-caught-overwriting-your-windows-1110-dns-settings-with-its-own/
Regarding the issue of Microsoft in the previous post, I found this article interesting to say the least. Companies have to get rid of the sell, sell models and get back to the very basics of what they do. Quality control and producing safe, marketable products across the globe. Yes indeed, Microsoft DOES KNOW how their breach happened.
The reason for the key being still valid in 2021 is that rotating the keys was done manually for the consumer system at the time, unlike the automated process for enterprise.
After a major cloud outage because of the manual rotation, Microsoft stopped the process completely in 2021, leaving no system in place to alert employees of old, active signing keys in the consumer MSA service that should be retired.
https://www.bleepingcomputer.com/news/security/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack/