PerlMonks  
Offline, pKai asked me the following question, which I reproduce here with his permission.

Sorry, I don't get it. Every major subsystem of Windows has been subject to priority 1 security patches in the past. If you are concerned that this has been patched, shouldn't you abandon Win as a platform then?

The problem is not that it has been patched. Timely or not, that indicates it is maintained at least.

The problem is the idea of a library intended for cryptographic uses that even permits the potential for 'remote code execution', never mind has an exploitable vulnerability. It's like fitting a really expensive, sophisticated front door lock and then hanging the key on a piece of string inside the letterbox.

Nothing I do is particularly secret. No lives will be lost if it is exposed and I don't keep or use financial data on my general purpose PC. My security needs are therefore minimal and 'best efforts' are good enough for my purposes. Nonetheless, it would be inconvenient and upset me greatly to risk the contents of my hard drive to every random oik on the net, so I take a sensible level of precaution to that end.

That leaves my main use for random being for simulations and the like. To that end, I don't see the point in installing a CSPRNG that potentially breaches the security of my machine by exposing a net-visible 'remote code execution interface' in order to seed a non-cryptographically secure PRNG. Does that make sense to you? Why not just use the CSPRNG once you've installed it?

As for abandoning Win: Why? The simplest answer to 95% of the exposures that Win has been subject to is don't run the code. Hence, I don't use IE, or Exchange or Word or Excel. I have turned off nearly 80% of the services that are started by default and mostly sit there doing nothing 99% of the time, except exposing vulnerabilities and consuming memory. When I need to use a service, I turn it on temporarily and then disable it again.

Does it mean I'm 100% secure? Obviously not. There is no such thing. Not even with other OSs.


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

In reply to Re^5: A better rand() for Win32 by BrowserUk
in thread A better rand() for Win32 by bitshiftleft
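The reply above contrasts two uses of OS-provided randomness: seeding a non-cryptographic PRNG for simulation work, versus using the CSPRNG directly. The following Perl script is an added example, not code from the thread or from either of its authors, showing the "seed once from the OS, then run the simulation from rand()" pattern the reply describes. It assumes the CPAN module Crypt::URandom (which wraps CryptGenRandom on Win32 and /dev/urandom elsewhere) is installed; if it is not, the script falls back to a deliberately labelled weak seed so it still runs. The Monte Carlo estimate of pi is a constructed stand-in for "simulations and the like".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example (not from the PerlMonks thread): obtain a seed from the
# operating system's CSPRNG once, then drive a simulation from Perl's
# ordinary, non-cryptographic rand().
#
# Assumption: Crypt::URandom from CPAN is available. If it is missing we
# fall back to a weak time/pid seed and say so, which is acceptable for a
# simulation but would not be for anything security-relevant.

sub os_seed {
    if (eval { require Crypt::URandom; 1 }) {
        # Four bytes from the OS CSPRNG, interpreted as an unsigned 32-bit int.
        return unpack 'L', Crypt::URandom::urandom(4);
    }
    warn "Crypt::URandom not installed; using a weak fallback seed\n";
    return (time ^ ($$ << 8)) & 0xFFFFFFFF;
}

# Monte Carlo estimate of pi: the fraction of uniformly random points in
# the unit square that fall inside the quarter circle, times four.
sub estimate_pi {
    my ($samples) = @_;
    my $inside = 0;
    for (1 .. $samples) {
        my ($x, $y) = (rand(), rand());
        $inside++ if $x * $x + $y * $y <= 1.0;
    }
    return 4 * $inside / $samples;
}

my $seed = os_seed();
# Print the seed so this particular run can be reproduced later.
print "seed: $seed\n";

my $n = 200_000;
srand($seed);
my $first = estimate_pi($n);
printf "pi ~ %.4f from %d samples\n", $first, $n;

# Re-seeding with the same value replays the identical rand() stream, so a
# simulation run is reproducible from the recorded seed alone.
srand($seed);
my $second = estimate_pi($n);
print "reproducible: ", ($first == $second ? "yes" : "no"), "\n";
```

The design point this illustrates is the one the reply circles around: the CSPRNG is consulted only for the 32-bit seed, and everything after that comes from rand(), which is fast and, given the printed seed, replayable. Replaying a run is exactly what a CSPRNG cannot offer, which is the usual reason a simulation seeds a deterministic PRNG rather than drawing every value from the CSPRNG directly.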