You mean where the US government decided to not notify Microsoft for 5 years?
Or you mean where Microsoft decided to publicly announce the vulnerability despite not having provided patches for millions of unsupported systems?
These organization the "take security seriously sure make Project Zero look very responsible by comparison.
> for what?
To let people whose security has been compromised for over a decade do what they can to mitigate
The only fixes here come from MS. Until then, the more people that know, the worse it is.