It seems to me that when Microsoft's involved, "responsible disclosure" guidelines should be adjusted to immediate public release, as long as MS is feeding exploits to hackers before fixing them.
It seems to me that ALL vulnerabilities should be disclosed immediately. Vuln in Firefox? No problem, use IE or Opera. Vuln in PDF? Uninstall it until it's fixed or use a different reader or writer. It's not like there's only one OS, spreadsheet, browser, image editor, etc.
It seems to me that when a white hat finds a vuln there's probably a 50% chance a black hat found it first, but he's not going to disclose it at all; he'll keep it under his hat and use the hell out of it until a white hat discloses it.
Fuck the company that wrote the software, tell ME, the user, so I can stop using the vulnerable software until it's fixed.