Russinovich and the WMF Flaw (MS06-001)
I'm not 100% sure why no-one seems to have picked up on this, Russinovich decided to do his own analysis of the WMF flaw to see if Gibson's belief that WMF/SetAbortProc() is an intentional backdoor. Of course, it's not!
Here's Mark's analysis: https://www.sysinternals.com/blog/.