Microsoft fights with researcher over Full Disclosure
Ryan Naraine has taken Microsoft to task for refusing to officially credit security researcher Cesar Cerrudo for finding a privilege escalation vulnerability in Windows XP, which was disclosed through the MoKB project late last year. Microsoft isn't pretending that Cerrudo never discovered the bug or never shared the information; it is refusing to credit Cerrudo because it feels that he broke Microsoft's responsible disclosure policy. But who was really being irresponsible here?
As Ryan Naraine pointed out, Cerrudo had been patiently waiting for two years for Microsoft to patch the issue, and Microsoft had decided to wait until Windows XP Service Pack 3, which means the fix would arrive more than three years after Cerrudo first reported the bug to Microsoft. I spoke with Microsoft MSRC a few months back regarding this issue and learned that Microsoft had declared this privilege escalation issue low-priority, which on the face of it makes sense: more than 80% of Windows XP customers run as full-fledged Administrators anyway, so for them a privilege escalation exploit is moot. But what does that mean for the diligent administrators who made the effort and took the time to properly lock down all the computers in their company? For them, an unpatched local privilege escalation undoes exactly the protection that running users as non-administrators was supposed to provide.