<< When the blackhats have more information than the white hats there is definitely a problem >>
Im not sure, in this case, that they do. The exploit was found by a "good guy", the same fellow who discovered the cookie exploit. He notified MS directly. I believe thier first response to him was "this is not an issue". That was a bad response which MS later recanted, they do stupid stuff like that sometimes. Too proud to admit a problem. In the meanwhile however, I think the fellow who made the discovery got PO'd at MS's initial reaction to his findings and let the info leak. He shouldnt have, that was very irresposible.
I see it like this.
1) White hat finds exploit, white hat quietly reports to the appropriate body.
2) Appropriate body is actually willing to consider the issue
3)Appropriate body works on a patch and releases it, fully disclosing the now patched exploit.
4)White hat is given due credit.
This is tight lipped. This is a solid method. The problem is, most of the white hats who find these exploits cant keep thier mouth's shut for any period of time. It's only human, they HAVE to tell someone and show off. I'd probably do the same thing. That said, it's very irresponsible behaviour.
Now, when the bad guys get thier hands on something, well, who knows. I guess it's safe to assume the knowledge is in the wrong hands already. Might as well tell everyone........