...in order for this vulnerability to be exploited, a user's computer would have to contain malicious code already, which means other security software has failed to prevent this or the user has explicitly allowed it.
Microsoft already sacrificed security over convenience; case in point, as mentioned, users are Administrators by default. Then there is how, from the start, they let third-party software developers on a very long leash, or no leash at all, on developing software for Windows. Software needing to install/run a service for no apparent reason? True, if third-party developers want to be as invasive as they want, there is little to stop them. But since users are accustomed to such low standards, they won't complain, won't look harder for alternative software.
I don't mind if MS breaks compatibility with older software on new Windows, as long as the standard has significantly improved. Of course, it's better if Windows executes such software in a sandbox. Sandbox. Speaking of which, not only does Vista not have a sandbox feature, it made the system incompatible with a lot of sandbox software (i.e., Sandboxie).
Microsoft, listen: just because a user has allowed a software to run, doesn't have to mean that he/she is on his/her own. Provide a powerful sandbox feature or let others develop powerful sandbox solutions (the kind that even allows installation of drivers in the sandbox. scr3w DRM drivers).