[mike_hearn]

Looking at their acknowledgements list it seems advisories always have acknowledgements even when it's Microsoft themselves who find the flaw. However, the MS17-010 patches didn't have any. If that's because they'd have to acknowledge the NSA, then it seems like more stuff is on the way: MS17-019 is also missing from the list. That's also patched in March and is "a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system."