Vista gets bashed for a single vulnerability

Written by George Ou, Contributor

In my blog yesterday, I was in full agreement with Ryan Naraine, and I heavily criticized Microsoft for its slow response times in patching known vulnerabilities. Today, I'm going to have to take Naraine to task for bashing Microsoft and Vista on a vulnerability that isn't even exploitable. According to Naraine:

The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.

For the second time this month, Microsoft has shipped a security bulletin with patches for a “critical” Vista vulnerability that puts millions of users at risk of code execution attacks.

Aside from the sensationalism in the opening sentence (we're talking about only a single new vulnerability), this "critical" vulnerability isn't even exploitable with the built-in security mechanisms in Vista. [Update - My mistake in pointing to a different bug that Dave Aitel referred to. Sorry Dave, sorry Ryan. Trying to do too many things at once with annoying distractions in the background gets me in trouble every time. My point was that a single vulnerability that gets patched isn't worthy of declaring Vista security a failure, and there are some mitigating factors inside Vista that you don't get with previous operating systems.]

I have no qualms about anyone bashing Microsoft when it's deserved, and I've bashed it pretty hard twice within the last couple of days -- but this just isn't one of those times.  This is actually a success story for Vista, and it's an example of how Vista security works quite well.
