They also silently patched RedSun, didn't issue a CVE until much later.

There's something fishy going on with these vulnerabilities. I'm not one for conspiracies but it's not a good look for Microsoft, they are obviously trying to cover something up.