Being the devil's advocate here, but is it within the NSA's purview/interest to maintain a user's privacy? :x
The NSA actually has two jobs: offense and defense (though sometimes the distinction isn't very clear ofc)
Ideally they would have backdoors that only they can use, that are hard to detect and even harder to trace back to them. (Which is why they put so much energy into recording and storing web traffic: Undetectable and if sometime in the future cryptography/computing power becomes good enough to crack the stuff, they can go back to it.)
Whether they (would) have seen more benefit in using this bug or saving their people from it is up to debate.
IF they knew, they probably wouldn't protect their publically facing websites: it would be a huge tipoff and there shouldn't be anything super valuable on those servers anyway.
Also, xkcd posted a nice non-technical explanation of the bug: