Oh dear, they STILL haven't figured out how dangerous this is!
"They can detect those vulnerabilities by comparing DNS records and HTTP responses, just as we did."
Actually, not so simple. An HTTP response might well come from a hijacked subdomain. They have to ensure that the HTML itself is Microsoft created. Judging by their sloppiness so far, I'm guessing they would have a hard time determining theirs from not theirs.