Microsoft is often too secretive about security issues. For instance, back in 2014, they had a 19yr old bug that was as dangerous as Heartbleed was (revealed a few months earlier). But Microsoft kept it under wraps as much as possible, so nobody really wrote about it.
Same with how they advertise security updates in Windows these days, or how they include a dozen root certificates in a random update without telling anyone why or who those root CAs are.
Just by reading this article, Microsoft come across as extremely slow moving. I am sure that this bug fix is not a small matter but being secretive about it is no good.
Same with how they advertise security updates in Windows these days, or how they include a dozen root certificates in a random update without telling anyone why or who those root CAs are.