Re: So MS think...
"If they can discover the bug then so can someone else."
Like, Google ... who wrote the original software and might reasonably be expected to have gone to the trouble of trying the commonly available techniques.
And yet they didn't find it, which kinda suggests that even though futzing is not unknown outside of MS there is still a fair chance that this bug was not widely known. Consequently, splashing the fix all over the internet three days before you splashed the fix almost certainly increases the risk of this bug being widely used.