Tin Foil Hat Time?
Thanks to The English Guy's Networks and Security blog, I did catch up-a couple of days late-on the Security Now! show where Steve Gibson revealed his research that leads him to believe that the WMF vulnerability was actually intentionally put in Windows from Win 2000 on by Microsoft or "someone at Microsoft" as a backdoor into Windows. Read the transcript or listen to the podcast via this link. Also available at the link is Steve's first version of a WMF vulnerability tester based on his research to date.
Do note: Gibson is sure at this point that the "vulnerability" (he used the scare quotes himself to describe it) was put into Windows deliberately, but he is clear in stating he has much more work to do to define just when, and that he may well discover information that contradicts his current view.
Gee. I wish more "scientists" (like those getting so much press on "climate change" scare stories) would take such an approach.