What do you expect?
As we've said before, it's nice that Microsoft is pointing out cybersecurity issues in other people's code – raising awareness is good for users – but it's strange to see Redmond making a song and dance about this sort of thing when it routinely downplays the scores of vulnerabilities it fixes in its own products every month.
If you can't fix your own shit, throw some at your competitors.