Agreed. I keep seeing "high priority" "vulns" that require so much system access to actually exploit that they become pointless. If an untrusted process can read your memory or run as an administrator you have already lost.

It honestly feels like more and more "security" people and businesses have less interest in actually securing systems and more in marketing themselves and their business hence the tendency to make every niche attack into a five alarm fire.