Microsoft doesn't usually like to talk about how they sometimes silently patch vulnerabilities, so it's a pleasant surprise to see them blog about it on their Security Research & Defense blog.
I've written about this subject before, when I came to realize that Microsoft never in their security bulletins identified patched vulnerabilities as internally discovered. I pressed them on it and they were somewhat elliptical in their response, but offline others pointed out that obviously Microsoft was patching other vulnerabilities silently.

The link for this article located at PC Magazine Blogs is no longer available.