I agree with this article.
The recent .ANI vulnerability had been known to MS since last December. I don't understand why they did not produce a patch sooner. They have the resources to move faster. Of that I am sure. Yet they don't. So, a lot of people were affected by something they could have patched in the normal course of events, if only they had pried open their wallet and invested in enough staff to get on the problem in a timely manner.