I don't believe this to be irresponsible, waiting over six months for the vendor is plenty of patience. Especially with a flaw that now released is deemed "critical". The researcher did not make the servers vulnerable, only pointed out that they were, fie on you Shavlik and fie on MSFT....

[ more ]