An inside look into building and releasing MS07-017

As part of that, we not only investigate the specific issue that was reported to us, but any surrounding issues. Customers have told us clearly that they want us to make the security update as comprehensive as possible, they don’t want to have to apply multiple updates to address issues in the same components. So our triaging stage focuses on finding as many related issues as possible... Every vulnerability reported to Microsoft is triaged personally by a member of my team (in this case it was Adrian Stone) and they work on those issues reported to us end-to-end until the point we are able to produce an update that helps protect customers. In many cases, there is a delicate balance we strive to strike between meeting customer needs, our ability to test an update for appropriate quality and protecting customers against possible attacks...

Read the post in MSRC blog.