They did make massive investments in the mid-2000s on Windows security, and really did turn a lot of things around.

But it is a big place. And not everyone gets the memo.

microsoft has always had a culture of "just make it work yesterday" that led to shoddy code. they spent a lot of money, some of it on PR and some of it on real work, polishing up some of windows's more egregious problems a couple decades ago. but the attitude is deeply ingrained in the leadership. i also suspect that a lot of cost-cutting demanded by the business side gets implemented by off-shoring work to the cheapest possible workers with the minimum experience necessary to push a product out the door, but im not as familiar with microsoft these days.

There was the famous "Bill Gates memo" early in the century that stopped work on pretty much everything except security, citing Windows' atrocious reputation as an existential risk to Microsoft. It lead to a big improvement, including UAC and driver signing.

Also it's worth differentiating between Azure and the rest of the Microsoft silos. The Xbox isn't being cracked on the regular. The microvirt for applications and browsers in desktop Windows seems very well thought out. It seems as though the Azure team are pretty awful, though.

I see tons of jobs notifications from Microsoft..all for Azure.

the same attitude is still there

the product only has to be just good enough to get some pointy haired boss to approve the purchase

(and he never has to use the software)