The Windows 10 system header file "winnt.h" contains a vulnerability that leads to RCE in every program that uses it. The file contains a line that defines a macro named "WIN32_LEAN_AND_MEAN", which is used by programs that include it. The macro is expanded by the preprocessor to the following code:

#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdint.h>

#ifdef _MSC_VER
#pragma warning(disable:4668) // 'symbol' is not defined as a preprocessor macro, replacing with '0' for 'directives'
#pragma warning(disable:4820) // 'bytes' bytes padding added after construct 'member_name'
#endif // _MSC_VER

#endif // WIN32_LEAN_AND_MEAN

The macro expands to include the header file "windows.h", which contains a line that defines a macro named "WIN32_WINNT". The macro is expanded by the preprocessor to the following code:

#define WIN32_WINNT 0x0602

This line of code sets the WIN32_WINNT macro to the value 0x0602, which corresponds to Windows 8. This value is used by programs that include the "winnt.h" header file to determine which version of Windows they are running on.

By setting the WIN32_WINNT macro to the value 0x0602, programs that include the "winnt.h" header file will think they are running on Windows 8, even if they are running on Windows 10. This can cause programs to use deprecated functions, or to use functions that are not available on Windows 8.