Yes, I will blame them. You make no compelling case otherwise. This is how the internet works. If you run a server with security vunls that are well known and patches available: it gets owned. It's your fault. Same type of situation here.
"If you run a server with security vunls that are well known and patches available: it gets owned. It's your fault."
It's not that MS was being lax about properly hardening their boxes, though. You could DDoS the most hardened server out there, or a rack of them, it's really an inherent design issue with TCP/IP that you can DDoS systems. It's completely ignorant to blame MS, they didn't have a single point of failure, they had blocks of auth servers nailed.
