The Solarwinds exploit was via a microsoft single sign-on vulnerability … which an employe had discovered years earlier … and had unsuccessfully spent years trying to get the company to address.
(Compare this to the post discovery timeline of the recent xz vulnerability.)
And we’re still expected to pay this “Microsoft” company – who hands over the US’s nuclear secrets to other countries for profit – for their software, because it is supposedly so much better than GNU.