I only know about CVE-2013-3900 (WinVerifyTrust), which allows modified files to pass the signature check unless you tweak the registry to enable patches.
I think there must be other instances like this where Microsoft won’t fix a vulnerability or chooses insecure defaults. Is there a list?
Of course, tons of tax dollars are spent hoarding vulns.
https://en.wikipedia.org/wiki/Vault_7
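
The registry opt-in mentioned in the question can be audited per host. The script below is an added example, not part of the original posts; the key paths and the `EnableCertPaddingCheck` value name come from Microsoft's guidance for CVE-2013-3900 rather than from this page, and `Test-CertPaddingCheck` is a hypothetical helper name.

```powershell
# Added example: report whether the opt-in CVE-2013-3900 mitigation is enabled.
# Run from a 64-bit PowerShell session so the native registry view is not redirected.
# Key paths and value name are from Microsoft's guidance for this CVE (assumption:
# they are not stated in the posts above).
$paths = @('HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config')

# On 64-bit Windows, 32-bit callers read the Wow6432Node view, so check it too.
if ([Environment]::Is64BitOperatingSystem) {
    $paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
}

function Test-CertPaddingCheck {
    param([Parameter(Mandatory)][string]$Path)

    # A missing key or missing value both mean the strict check is off (the default).
    $item = Get-ItemProperty -Path $Path -Name 'EnableCertPaddingCheck' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Path = $Path; Value = $null; Enabled = $false }
    }

    $value = $item.EnableCertPaddingCheck
    # Accept the value whether it was stored as a string ("1") or as a DWORD (1).
    [pscustomobject]@{
        Path    = $Path
        Value   = $value
        Enabled = ("$value".Trim() -eq '1')
    }
}

$results = @($paths | ForEach-Object { Test-CertPaddingCheck -Path $_ })
$results | Format-Table -AutoSize

# The mitigation only covers all callers when every registry view has it set.
if ($results.Enabled -contains $false) {
    Write-Warning 'Strict Authenticode padding check is not enabled in every registry view.'
}
```

A host that has only the native key set still leaves 32-bit processes verifying signatures with the default behaviour, which is why both views are reported separately.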