Given the touchiness of this subject, which is a concern both inside and outside of Microsoft, the omission is all the more perplexing. The issue is poised to become even bigger. There are two trends which look set to collide at some point in the future.
The first is the proliferation of Microsoft-based systems into the critical infrastructure of nations around the world. There are increasing security concerns about Microsoft products, which is one reason why banks and others involved in critical infrastructure are looking more closely at open source.
The second is increasing evidence of politically motivated, co-ordinated groups of hackers, who appear to be upping their attempts to break into critical infrastructures. Security agencies have noted this trend, particularly since the summer, and have expressed concern about co-ordinated cyber- and physical attacks.
Much of this is qualitative opinion. We now need quantified breakdowns of the economic damage caused by hacking into business: we also need evidence about which systems are most vulnerable - both notoriously difficult to identify.
In the meantime we can sleep easy knowing that the US National Security Agency, and the boys in Vauxhall and Cheltenham are fully on the case. They will be, surely?