This is Larry Seltzer's look back at the WMF vulnerability in Windows and the surrounding flap. It's worth a look, and pointing you toward it will keep me from having to write it up.
The article points out that it is hard for Microsoft to be believable when they say that security is their highest priority when they have vulnerabilities of which they have been aware going unpatched for over half a year! The tired old excuse of having to test every patch and release it in multiple languages simultaneously doesn't hold water. Why can't they devote a very small part of their billions in yearly profits to expanding the security team to the point where they can make timely improvements when flaws are found?
Microsoft has indeed made great progress in security. I don't understand why they cannot go farther faster.