Yes, I am familiar with what happened and why, apart from the only missing piece that CS is silent about - the "logic error", but I guess we'll find out about that too.
The reason I blame Microsoft more than CS is because I am also aware of two other things:
1. Microsoft allowed CS to bypass certain fail-safes. Security product or not, trusted dev partner or not, in this scenario Microsoft itself becomes the security hole.
2. It was Microsoft that decided to do away with using the four rings of security and just use two. Ring 0 for kernel and ring 3 for user.
So, under the circumstances I can't for the life of me understand in what world did Microsoft think that allowing CS to operate the way it does was a good idea. It's essentially a hack and it's signed off on by Microsoft themselves.