Hacker News

Maybe, but maybe it is strategy rather than money.

This exploit is the result of several bugs in different systems coming together into one "super bug." If you have the same developers who wrote the code go back over that same code they may not spot the bugs.

Microsoft do code reviews but they also do fuzzing, unit testing, path diagrams, and other methods with the hope that each type of testing will uncover different bugs. However, when you have bugs caused by multiple systems working together badly, it might be better solved by policy (e.g. this ONE piece of code does all of our CSRF from now on, no re-implementing it five different times).
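The "one piece of code does all of our CSRF" policy in the comment above, as an added illustration that is not part of the original comment or of any Microsoft code: a toy request dispatcher in which the CSRF check lives in exactly one place (the dispatcher) and route handlers cannot forget or re-implement it. The `Request`/`App` classes, the `SERVER_SECRET` value and the `X-CSRF-Token` header name are constructed for this example; the token is an HMAC of the session id so it is bound to one session, and comparison uses `hmac.compare_digest` to avoid timing leaks.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed secret for the example only; a real service loads this from a secret store.
SERVER_SECRET = b"example-only-server-secret"

# Methods that change state and therefore must carry a CSRF token.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_id: str) -> str:
    """Derive the CSRF token for a session: HMAC-SHA256(secret, session_id).

    Binding the token to the session means a token stolen from one session
    is useless in another, and the server stores nothing per token.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, presented: Optional[str]) -> bool:
    """Single validation routine; constant-time compare against the derived token."""
    if not presented:
        return False
    return hmac.compare_digest(issue_token(session_id), presented)


@dataclass
class Request:
    method: str
    path: str
    session_id: str
    headers: Dict[str, str] = field(default_factory=dict)


class App:
    """Minimal dispatcher (hypothetical). The CSRF policy is enforced here, once."""

    def __init__(self) -> None:
        self.routes: Dict[Tuple[str, str], Callable[[Request], str]] = {}

    def route(self, method: str, path: str):
        def register(fn: Callable[[Request], str]):
            self.routes[(method, path)] = fn
            return fn
        return register

    def dispatch(self, req: Request) -> Tuple[int, str]:
        # The ONE CSRF check for the whole application: every state-changing
        # request passes through it before any handler runs, so individual
        # handlers never re-implement (or omit) the check.
        if req.method in STATE_CHANGING and not token_is_valid(
            req.session_id, req.headers.get("X-CSRF-Token")
        ):
            return 403, "CSRF token missing or invalid"
        handler = self.routes.get((req.method, req.path))
        if handler is None:
            return 404, "not found"
        return 200, handler(req)


app = App()


@app.route("POST", "/transfer")
def transfer(req: Request) -> str:
    # Handler contains only business logic; no CSRF code here.
    return "transfer accepted"


@app.route("GET", "/balance")
def balance(req: Request) -> str:
    return "balance: 42"


if __name__ == "__main__":
    sid = "session-A"
    print(app.dispatch(Request("GET", "/balance", sid)))
    print(app.dispatch(Request("POST", "/transfer", sid)))
    print(app.dispatch(Request("POST", "/transfer", sid, {"X-CSRF-Token": issue_token(sid)})))
```

Because the check sits in `dispatch`, a reviewer or a test only has to read one function to confirm the policy, which is the point the comment makes: a bug that arises from five slightly different re-implementations disagreeing with each other cannot exist when there is only one.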


