That, finally, was the right decision. But why did Microsoft's management strain so mightily in the wrong direction before doing the right thing?
Microsoft programmers did their job. We know that because Microsoft's WMF patch showed up briefly on a security Web site a week before its scheduled release ("inadvertently," Microsoft said). Security gurus who examined it said it worked and didn't conflict with a non-Microsoft patch that was already available.
But Microsoft didn't release its patch then. Why not? The official answer: It wasn't thoroughly tested and available in all languages and for all versions of Windows. The scuttlebutt: Microsoft bigwigs didn't want "Microsoft Issues Emergency Fix" headlines and viewed the WMF threat as overblown -- although, fortunately, someone in Redmond thought it was dangerous enough to build an emergency fix during the holiday break.
Let's be clear about this: Microsoft was right to reverse course. Those bigwigs who wanted to hold the patch were right to listen to customers and release it ahead of schedule. Yeah, the flip-flop looks embarrassing, and they'll take some flak for that. But they deserve thanks, not grief. Getting that patch out the door four days early is going to make a difference. We're all better off with the right decision than with a foolish consistency.
But, that said, why the heck did they get it so wrong in the first place?