Michael Howard provides a very insightful look at how the animated cursor bug bypassed the numerous security measures in Vista. He dicusses the -GS flag, address space randomization, static analysis tools, and fuzz testing. He also talks about the steps we're taking to make sure it can't happen again. Besides giving details on the .ani attack, he also provides what turns out to be a good primer on Vista security measures. If you have an interest in security, go read this post.