[age_bronze]

Nothing screams "we have microsoft keys!" harder than the fact that the only vulnerabilities reported by the NSA is a cryptographic validation bug. If I had to guess exactly what kind of vulnerabilities they do not need, this is exactly those kind. Who needs crypto validation bug when you already own microsoft's keys?!

[macinjosh]

I think you're spot on. Everything agencies at this level do is calculated and weighed carefully. They definitely would not seek to patch a useful vuln. It is a PR stunt.

[william_T]

The NSA's job is to gather information. They have >400mil people to protect, and 6bn people to attack. They are in the business of using exploits, not closing them.

[bepvte]

Its patched because of the risk it poses to the government and from other state actors

[cliqueiq]

Thinking with my tin-foil hat: Same date as windows 7 last patch right? Not sure if this was a risk decision or an intentional message.

[BlueTemplar]

They likely have the control over the Intel IME backdoor too. And maybe even the (Ryzen) AMD equivalent.