I surely won't be doing it myself, but I can imagine some spook making this small personal sacrifice of becoming an employee at some Windows XP shop just to smuggle patches to his mothership for vulnerability analysis.
I hope that the fact this patch was signed in February doesn't imply that it was published in February and available to every semi-competent cyberwarfare unit in the world.
You could do what you said but it's pretty expensive and only works for a bulk deal at around $200/PC/year with a large number of PCs at a minimum.