It’s one of those bad-news, good-news situations for Microsoft’s coming operating system, Windows Vista.
In a paper released this week by Symantec (the owner of SecurityFocus), two researchers analyzed the new networking stack in Windows Vista and found several classes of vulnerabilities. Overall, the researchers concluded that the move to a new code base for Vista’s networking stack will likely mean that, in the short term, the software could be less stable than the Windows XP stack.
“In deciding to rewrite the stack, Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects,” security researchers Tim Newsham and Jim Hoagland said in the paper. “This may provide for a more stable networking stack in the long term, but stability will suffer in the short term.”
However, Microsoft has also done a great job of ferreting out the flaws and fixing them, David Goldsmith, a principal security researcher at Matasano, said in a blog post. Goldsmith ranked the vulnerabilities and created a graph showing that the three versions discussed in the paper had successively gotten more secure, with both the risk and the vulnerability count falling dramatically.
The upshot: While there may be flaws in Vista, especially the new code, Microsoft seems to be doing a good job of finding them and fixing them. And, with the extra time gained from delaying the release of the operating system, the company could deliver on having its most secure operating system yet.