Windows Vista still Rife with Insecure Code
Actually the old code might be better. And I don't defend blindly.
It has been my repeated experience that "cruddy and complex" code is that way because the problem space is cruddy and complex, and that's what bugfixes do to code.
You throw out that complexity and you throw out accumulated knowledge. I have yet to see a second system or third or fourth that managed to keep the bugfixes of the previous system. These issues return and they are accompanied by new ones.
In this case there might be a reason to throw out this particular baby with this particular bathwater: the only thing that new code gives you is resident experts on the new code. If you have staff turnover (which MS always does), they may have already lost the resident experts on the previous design.
So that brings up the next point: MS may now be jumping its proverbial code shark: they've not increased in price in 3 years, stock options are worthless, they're losing people, and the hardware vendors are saying "When are you going to get us a decent 64-bit system?". They can't seem to ship secure code and now they throw out working subsystems, possibly because they've got a brain drain. MS owns the office market, but they're starting to really fall behind in shipping modern security at the OS level.