I think that you SHOULD wait a reasonable period of time to release a POC. This just gives skiddies a zero day exploit. And that is more of a threat than giving the select few who know what they are doing a POC. I gotta admit it, I agree with MS on this one. If you're gonna publish a 'responsable' vulnerability, then do it responsably, give MS a time to make a patch