Eh? Their #1 job is to gather intel, not to report exploits were found.
Once they discovered their exploit(s) were out, they DID contact MS (and...) and tell them to patch ASAP.
What exactly is an "open tech community"?
There are tons of countries out there that have their internal version of spy agencies also actively trying to make exploits; this is nothing new.
The Linux kernel is open source, yet there are a ton of exploits being written for it every day as well. Look at Android OS: there have been so many vulnerabilities in that, that it isn't funny, and what is worse is, they will NEVER patch those in some devices.