Ostensibly, the vulnerability is necessary to maintain functionality. Something to do with the particular Kerberos implementation and backwards compatibility. They've made it more difficult to get to the point where you can attack, however.
Whilst this interesting, I feel the need to channel Raymond Chen (of http://blogs.msdn.com/b/oldnewthing/)and say "if you disable security features, you have disabled security features, don't be surprised when it is now less secure".
In this case there still is an issue that should really be addressed, but that will be why it probably isn't ranked high on the to-address list
Ostensibly, the vulnerability is necessary to maintain functionality. Something to do with the particular Kerberos implementation and backwards compatibility. They've made it more difficult to get to the point where you can attack, however.