Let's try another hypothetical...
You're working your ass off getting a project out the door, that new oil well needs to be drilled ASAP. A vendor of yours comes to you on Friday night with a NEW problem that they think is a big deal; apparently one of the wells that you drilled in the past has broken and is spewing thousands of gallons of oil into the ocean every day. You acknowledge their complaint, file it away and go back to working on what you were working on. Two business days later, you learn that your vendor took out ads in every major publication and website touting what an idiot you are for not "responding" to him, even though you did.
Now, before you say that's comparing apples to oranges, give it some thought. Is this hypothetical really so different from Microsoft's handling of vulnerability reports? Both problems require a prompt response because they could cost people/businesses a lot of money if the problem leads to a loss of data/resources. Both problems exist as a result of companies cutting corners. Both companies responded slowly because a prompt response would hurt their bottom line (short-term anyway).
What Microsoft should do with this and all other vulnerability reports is allocate as many resources as necessary to, at the very least, find a way for people to shore up or disable the affected services, systems, etc., then promptly notify the world of both the problem and a temporary solution, even if that temporary solution is just to turn the entire system off.
What Microsoft should not do is keep the information from the public until they release a patch. Just because one guy filed a bug report, that does not mean he is the only one who is aware of the bug. There could be someone else who not only knows about the bug, but has already written and begun using an exploit for it.