What would be more of an interesting discussion, to me, would be why doesn't Microsoft know about these hoarding of vulnerabilities by State actors and plug them up?
Some state actors they do know. They custom write the security flaws on the state actors request.
Are they really that clever of vulnerabilities? Does Microsoft not have the resources? Is Windows like the ocean, where there are just hundreds of new species awaiting to be discovered? Did Microsoft at least know of the NSA vulnerabilities, for example, and kept it classified until NSA told them to plug them up?
Of course Microsoft knew, since they wrote in the backdoor in the first place. That is why when informed by their employers that the backdoor was going to be made public, they could undo the changes they had introduced so rapidly.