Presumably because making the patch public also makes the vulnerability public and they want to give the big players time to protect their customers.