Sure, but if there's an unknown potential flaw in a window of your house, which causes it to break if tapped three times or somesuch, and a thief uses this to break in and steal all your stuff. Regardless of the fact that the window company may or may not be fixing the issue in future, would you make such snide comments if the police etc still hunted the thief and the window making company put up some incentive to assist this? I don't think so.
Not trying to defend MS here or anything like that, just that the whole "it's cool to bash microsoft without thinking about it, because we're linux people and therefore we're so much smarter/better than them" attitude grows tiresome at times.
But at the end of the day, using the scenario here, the job of the window company is to fix this flaw and stop producing windows with this flaw, not go around and knee-cap someone because they discovered and exploited this flaw. Believe it or not, Chubb international have a safe somewhere with a wod of cash in it, and if someone successfully breaks into that safe, providing they tell Chubb how they broke into that safe, the money is theirs. I'm not trying to defend criminals, but I don't think it's Microsoft's place to knee-cap people who exploit their vulnerabilities, it's their job to proactively find and fix vulnerabilities and not make any vulnerabilities public knowledge without a solution to fix the problem.