[grub5000]

It says it right in the article:

> "We performed an investigation to identify other potentially similar methods and ensure that our fix addresses [sic] more than just the issue reported," Microsoft said through a spokesman, who answered emailed

If MS had immediately patched CVE-2017-0199, only for someone to reverse the patch, discover an identical exploit somewhere else in the code and commence immediate abuse, people would crucify Microsoft.

From the article, it seems clear that Microsoft scheduled a public release of the patch as soon as it became clear it was being publicly exploited.