
It's odd to see something this naive published by Microsoft. Software arms dealers currently operate in very similar ways and have equivalent relationships with government that physical arms dealers do. They provide value and provide services that unfortunately are a necessary evil for nation states: the ability to strike and harm their adversaries via software. Sure, I disagree with the ethics of the situation (as much as I do with the free agency of arms dealers who sell AKs to African warlords and missiles to terrorists), but to say they "don't deserve a free pass" is really just a cheap take from Microsoft, and largely it's never going to even be Microsoft's decision.

The even more cynical alternative take on the publication is that Microsoft wants governments to prosecute groups who profit from its sloppy work. Which is ironic, since the only reason they write Windows exploits is because Microsoft has a de facto monopoly on government / consumer operating systems.



If we look at operating systems in a Thomas Hobbes Leviathan kind of way, then Microsoft, through its monopoly on spying on your computer and dominating your system, is imbued with a vested interest in preventing anyone else from doing the same since Microsoft wants to conserve that power for itself. So in effect you get one big bad guy rather than thousands of them. Well, at least that's how it should work.

You're wrong to compare these hacking tools to arms dealing. That's a terrible analogy because international arms dealers and their customers aren't going around interfering with the daily home and office life of ordinary Americans. Microsoft talks a lot about NSO Group, which makes tools that sound like highly targeted arms dealing. But let's not forget there are 10x as many smaller companies from that same country, which sell the tools for surveillance and hacking of ordinary people and businesses.

Just the other day I was reading about one called Komodia which sells Layered Service Providers that are used for things like building pre-installed Lenovo laptop software that decrypts your HTTPS and routes it through some service which injected ads and broke Node.js. It's in my opinion criminality on a scale 100x worse than anything Aaron Swartz ever did (RIP), and for some reason "businesses" that do things like that are becoming increasingly normalized.


As I understand it, "sells 0day to gov" and "sells 0day for crime" are distinct brokers, even though in some cases they purchase exploits from the same suppliers.

TFA is really only talking about the first group because (for obvious reasons) regulating brokers who sell exploits or tools for criminal purposes is not going to work. That's already illegal.

Insecure spyware/crapware is a distinct (commercial) market which doesn't overlap much with the other two and doesn't rely on "0day" at all.

Broadly I agree with your analysis re: Microsoft's motives here.

However I believe the OP's analogy holds if you don't overextend it beyond exploit sales to government.
