The sane thing would have been to not use a HTTP server at all. This part is pure laziness. It is trivial to communicate with a Windows service locally through named pipes.
I think you're referring to the SupportAssist Client being an HTTP server - while it is weird that they exposed all those other routes, the driver install route allows for drivers to be installed from a website (which a named pipe would not).
I wouldn't characterize it as "pure laziness" - more a questionable feature
The whole process starts with the installation of aoftware to identify the computer. The vulnerable service is part of that. Thw list of drivers could just as well be shown by a local GUI ghat is started by thenbrowser through an URL handler registered in the system. There would be no need for any of this frankly stupid Rube Goldberg website/webservers interaction. It would be one less TCP server socket in the system.
