Microsoft's advertising. Specifically, those they choose to do business with allowing exploit kits to deliver malware payload, such as cryptolocker-style viruses.
I know that Microsoft are not to be trusted with advertisements, and this is advertising. Who knows what executable code, like javascript, fonts or GDI+ objects, are involved with the wallpaper? If not today, what about tomorrow?