A critical vulnerability first found in July wasn't fixed until more than seven months later, and some say that's too much time.
Microsoft is taking hits from security experts and other analysts over the long lag time between knowing about a major Windows vulnerability and releasing a patch to fix the problem.
The vulnerability in question is one of two noted as critical by Microsoft on Tuesday, when it released February's monthly fixes. Hackers could exploit flaws in Windows's usage of Abstract Syntax Notation, a language for defining the syntax of data messages shared between applications and computers. If attackers successfully created exploits, they could clandestinely destroy data, steal information, or compromise network security.
The bug has been characterized as one of the most serious ever due to its widespread use in many of the Windows operating system's security subsystems, including Kerberos and NTLM authentication, and in numerous server and desktop programs, such as Exchange and Internet Explorer.
The ASN vulnerability was first identified on July 25, 2003, by eEye Digital Security--but not fixed until more than seven months later.
http://www.informationweek.com/story/showArticle.jhtml?articleID=17700169

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic