According to eEye Chief Technology Officer Marc Maiffret, Microsoft should have caught the problem two years ago, when his company first reported the bug that was patched in the MS05-002 update. "They fixed the bug we discovered back in ’05, but during their standard bug report code audit, they missed an area... where identical code was used, with an identical vulnerability," he said via instant message. "It is hard to say how long people have been exploiting this in the wild due to the similar nature of the bugs."
Micro$oft has known of this for two years -- and in fact patched identical code in a separate area -- yet the problem still exists today in Vista, their "most secure product ever". Thank you, BillyG.
 
