I surely won't be doing it myself, but I can imagine some spook making this small personal sacrifice of becoming an employee at some Windows XP shop just to smuggle patches to his mothership for vulnerability analysis.
I hope that the fact this patch was signed in February doesn't imply that it was published in February and available to every semi-competent cyberwarfare unit in the world.
Does that mean I can get info on current Windows 0days simply by subscribing to XP support program?