I've said it before, and I'll say it again: if Microsoft could please stop controlling vulnerability mitigation features using longer and longer binary flags, I would be so happy.

The historic and continuing method employed by Microsoft is shoehorning as many feature flags into a single registry value as possible. Any human wishing to understand this has to do hex/dec to binary conversions on the fly to even have a chance of reading it, and maybe then looking up what is enabled or disabled.

Registry values, last time I checked, were free. Instead of cramming it all into a single decimal registry value 2347624 (or whatever) representing a row of switches like 1000111101001001101000, Microsoft could simply have 23 sensibly-named registry values in the same place, each with a human-readable name, and a sensible human-readable value.

Worse: if you want to programmatically assess mitigation status, you not only have to account for the current state of things, but for the potential for new stuff be to added to the existing registry value.

Whoever at Microsoft keeps inflicting the hard way on the rest of us, please make yourself known. I just want to talk!