The problem is not what Microsoft will learn; but how they will react to that knowledge. Instead of solving the security problem, Microsoft will argue the problem is negligible, will encourage a 3rd party to develop to develop the fix, then later buy the 3rd party for pennies on the dollar and much later (after the damage is done) present their fix to a problem which should have been fixed long ago.