
Windows CA program is governed by requirements like any other CA. Microsoft has ways to provision machines with enterprise CA roots, so there is no advantage, and a highly visible disadvantage, to adding a noncompliant CA to your trust store. I think that the theory that Microsoft will include it to sweeten a sale has no merit, unless you have evidence.

Most certificate trust stores have some certs in them that are sketchy, e.g. a bunch of university certs from all over Europe. These are slowly dropping off, presumably because it costs quite a bit to operate a CA in a compliant fashion and get it professionally audited.

Issuing a fake cert is grounds for removal from every certificate trust program I’m aware of, if it can’t be demonstrated that they found what went wrong and have fixed it so it can never happen again.

IMO, issuing a fake CA for one of the top (and highest risk) domains even once should be the end of that CA (and any other CAs managed by that org)