Probably because this particular security researcher wants to make a name for themselves.
Peronally I prefer full-disclosure (or worst case, so-called "responsible" disclosure) and don't see the value in these kind of pre-announcements, especially when the attack vector is known as is the case here. All it does is send an even clearer signal to enterprising crackers that they should be looking at popular applications to see if they are vulnerable to this exploit, which doesn't exactly help security.
Generalise much?
If I could run Linux full time, I'd do so without hesitation. Alas, the state of audio in Linux means I have to spend way more time than I'd like in Windows... stupidity really doesn't come into it.
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn