They should have stopped slapping new features onto a rotten legacy architecture years ago; now they are paying the bill. Not to mention that the only market in which they don’t have to compete is shrinking.

http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

there is something fundamentally wrong with Windows security design.
Windows was never meant nor actually prepared to be multiuser or networked. Back in the days, Microsoft simply took MS-DOS + LAN MANAGER and glued to it a ripoff of the Digital VMS model of user security, copied the HPFS filesystem from OS2 (shafting IBM in the process) and called it NTFS, then added the Netware and BSD TCP/IP stack into the mix, called it “Windows NT” and they have just kept patching that model up to the current offerings, adding an E+E+E’ed version of LDAP called “Active Directory” on top of it from Windows 2000 on.
Every day that passes, keeping relying on this windows model for your data, services and applications is becoming more and more an irresponsability.