The NSA hoarding / leaking aspect of this vulnerability has been reported by most major news outlets. Even the mainstream ones. Albeit most haven't expanded on that point to the level that Microsoft did here.
This (as far as I know) was one of hte first reports of details of the malware and clearly mentions it, and other analysts haven't said otherwise, which by now they would have if they disagreed: http://blog.talosintelligence.com/2017/05/wannacry.html
