This is stupid that Microsoft simply sat on their hands for two years, knowing full well that there was an exploit being actively used against their own customers, and did not give two fucks to report it until just now.