Maybe. But maybe they're too close to the code.
I'd feel better if Microsoft were requiring the use of one or two of the high-end third-party static analysis products out there. You know what I mean, the packages that run a quarter of a million bucks or so. The ones the big boys use for code that has to work, like spacecraft code.
Because the last person you want checking code for mistakes is the person who wrote it, and the next to the last is any person who has a vested interest in not finding bugs.
Microsoft might be using someone else's analysis tools, I don't honestly know. But I've never heard of them doing so on Windows, and it would be a big deal if they did, so I assume they don't.