You need to research this and then come back. The issue revolves around responsible disclosure. There are numerous cases of Microsoft refusing to fix a bug for years, sitting on it until the researcher gets frustrated and releases it to the public. Microsoft then tries to ruin the researcher's life in the name of "responsible disclosure."
Microsoft doesn't seem to understand that the definition of responsible disclosure includes giving the vendor a reasonable amount of time before releasing. They believe that it means that the researcher doesn't talk to anyone else, ever. Once they tell the researcher "we're not moving on this right now," all bets are off.
I support responsible disclosure, but that's not what MS offers.