Sorry if im missing something here, but couldnt we hack the ms digital signature on xex files by using md5 collisions?
It has already been demonstrated how to generate two different files which have the same hash.
Im not sure how microsoft signs the xex files.
But in microsoft authenticode digial signature (which signs .exe files) can be modfied in this way.
Could also hack the microsoft private key by using a botnet of a couple hundred thousand pc's to brute force the key