bleepingcomputer[.]com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
There's a glitch with GitHub, the repository where Microsoft & a ton of other companies have software downloads. Anyone can upload a file and get a URL as github[.]com/microsoft/...some file. DO NOT trust a download based on the URL including the word Microsoft.