The Future of Windows Vulnerability Research. The talk will go over the current mitigations and security updates in Windows 11 (strong signing, anti-persistence/tamper, memory safety, credential hardening, and exploit mitigations) as well as below-the-OS updates (SMM mitigations, DRTM/FASR, Pluton, TME, SEV-SNP, IOMMU, etc...). Industry-wide changes will then be discussed such as ARM64, CHERI, SBOM and Cloud-based rendering/detonation environments. How Microsoft has adapted (MORSE, Syzkaller integration, KASAN) will also be discussed. These mitigations, changes, and improvements will be shown against the foil of complexity and complacency, and a changing bar for security fixes, code review, and dogfooding. The thesis is that increased reliance and expectation of all of these industry changes and mitigations will result in weaker code that is​ secure on modern systems, but is more insecure​ on older systems -- or systems where these features are not yet active.