Microsoft is often too secretive about security issues. For instance, back in 2014, they had a 19yr old bug that was as dangerous as Heartbleed was (revealed a few months earlier). But Microsoft kept it under wraps as much as possible, so nobody really wrote about it.<p>Same with how they advertise security updates in Windows these days, or how they include a dozen root certificates in a random update without telling anyone why or who those root CAs are.
Just by reading this article, Microsoft come across as extremely slow moving. I am sure that this bug fix is not a small matter but being secretive about it is no good.