Also, 5 days ago: https://news.ycombinator.com/item?id=19567399

Where they don't describe it as a "backdoor." Simply what it is: A local privilege escalation in a driver.

Privilege escalations aren't that rare unfortunately. Kind of cool that ATP might be able to detect some of them going forward, particularly in drivers that are often black-boxes.

I have no expertise in security. Why could nation states not just build their backdoors this way? What's the difference?

This isn't a backdoor, nation state or otherwise. LPEs are super boring and common, there's often several a month discovered on Windows (inc. third party services/software/drivers/etc).

For it to be a backdoor it would typically need to facilitate the ability to access the system itself (e.g. Remote code execution, hidden credentials, etc), but even then intent is implied with the word which we simply don't have here.

Plus it LPEs aren't as powerful as they once were. Most of the good stuff is now running in userspace, the only thing a LPE grants you is persistence.

To give you an idea of how overblown this is: HP used to run a local webserver as SYSTEM (highest priv) which any webpage could call via iFrame to execute local commands. I don't consider that a backdoor either, even though that issue is ten times more serious than this one.