I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't.