Also, the checks performed by Microsoft can only go so far. After all, when it comes to cyber-security, Microsoft has a horrible track record. However, even if it weren't Microsoft we were talking about, the fact that these programs are proprietary makes accurate checking each and every version of each and every program impossible.
If we were living in an alternate universe, in which the source code of these programs were made available to the public, checking them might be feasible, even for security idiots like Microsoft. Also, when Microsoft misses a free (as in freedom) program here and there, it would only be a matter of time before someone who has knowledge in whatever language said program was written in publishes a modified version, which of course will hopefully be malware-free.