Because that is all you have when you are working with kernel-mode and boot-time drivers in Windows.
BTW, you can make the exact same class of error in other program languages too.
Automated code inspection tools improve the odds of catching errors, but they are not foolproof.
Automated unit testing improves the odds of catching errors, but it is not foolproof either.
The big failure was not testing this update with a variety of Windows systems, and not rolling out a sample population of the user base before a general distribution.
This is amateur hour. For something so critical as a kernel module/driver, it would mean that code reviews failed, static analysis tools weren’t used, their DevOps pipeline and test suite failed to catch this, nobody ran any manual tests, etc..
So, at what point do you wonder about sabotage? If it isn’t, then it’s a very sorry state of affairs at MS. For a KERNEL MODULE!
Given the scale of this, I believe an investigation is warranted. I’d put money on sabotage.
Unfortunately, I got caught up in it - I had a two-week business trip with a flight home yesterday, I woke to the news of this issue and the problems banks & airlines were having. Typical! Of course my flight was delayed, then delayed, then delayed, with me finally getting home at 3:30am.
Sigh.