Another little law exercise here. If attribution is indeed not there (not proven yet), then it becomes a question of who removed the attribution.
If Microsoft did it, then they are liable for civil damages and criminal punishment (knowingly and for profit, the key ingredients).
If Spider did it, then Spider is liable for civil damages and criminal punishment. But Microsoft would be mostly off the hook. You could not then say Microsoft knowingly infringed, and in that case all criminal bets are off, and civil damages can't be very high (and Microsoft would probably sue Spider to recover them anyway). Microsoft's remedy for future infringement would be simple and relatively inexpensive: stick the attribution back in and then put the new code in the next patch and all future install shipments.
Typical, you make endless excuses including lies you admit to perpetrating for months in defense of illegal Russian hacking, but can't wait to accuse an American corporation of theft of a product that is generally given away for free. Just as we'd expect, toss a few lies on top and you'll be done LOL.