“This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog."

Translation: Fixing bugs cost way to much more money than just leaving them in, so in order to save the profits, we just wait them out. If the shit hits the fan, we can still start looking into the issue and maybe get some PR coverage to distract the public.

But we still happily support government agencies to exploit the barndoor-sized holes in our software for whatever nefarious reasons they have because they pay us for that.