Microsoft has declared two security bugs are, in the past three months, in fact, features. The most recent one involves IIS, the earlier one involves Word 2007. Microsoft’s David LeBlanc: Crash an application, in a way that you are “reasonably certain” it won’t be exploitable, is a good thing. The proposed solution? Upgrade to IIS 6 or better, which would likely involve an upgrade of server OS, testing of all Web server code on the new version.”]
Source: https://www.darkreading.com/analytics/trust-gets-buggy