Yet another take on Microsoft's WMF vulnerability and the patching thereof.
Remember what this article makes clear. What turned out to be a vulnerablity was intended originally as a feature. We can extend that to include other parts of Microsoft's various code bases and realize what security researchers have known for a very long time (this includes both the good guys and the bad guys); A large fraction of MS' code base in both operating systems and applications is quite old and from a kinder, gentler time when organized crime wasn't keen to exploit any vulnerability. Therein lies a large part of the problem. It's not that Microsoft can't write secure code. It's that they really didn't need to when a large part of their code was written.
Not all legacies are good.