I have no problem with it. He has no responsibility to microsoft, or to anyone who has purchased microsoft software. He did the research on his own time. He owns it, and is responsible only to himself.
I see nothing inexcusable about it. If you don't like it, you should pay someone to find bugs with the software you use.
You can do that, but I bet you don't. If some bugs are found by someone, it sucks to be you. Get the source code and audit it yourself.
You do have a microsoft windows source code license, right? If not, whose fault is that?
I write software. Sometimes I publish it. It is my work. Sometimes I find bugs. I have reported bugs to DEC, prime, microsoft, sun, redhat, fedora, suse, mandriva, mageia, and others. If they listen to me and respond, then I report more bugs. Since microsoft ignores my bug reports, I have stopped sending them bug reports. My choice.