How many of these Linux bugs that are up to 1.8 years old have had advisories, and have been actively exploited in the wild? Not all bugs are security issues either; some will be annoyances, others will be more serious. No code is perfect and bugs will never go away no matter who develops the software and regardless of the development model. However, once a vendor is notified of a serious flaw that allows code execution, has been given sufficient time to develop and provide a solution, and the information has been made public, is it not reasonable to expect a patch?

The CHM bug that allows code execution has been known about for ages, and has been public knowledge since December 30. There are no workarounds, and no fixes. With the current patch schedule, it's been ignored or missed 4 times. It's a bit strange that a vulnerability like this has been unpatched for so long when Microsoft are trying to convince world+dog they do actually take security seriously. This is the point I was trying to make, and it wasn't just another 'have a go at Microsoft for the sake of it' post. There are far too many of them already, mostly for no good reason at all.

Are there any alternative download locations for that PDF file? It does look interesting going by the summary, and I've not got a subscription to that site.