I agree with @Biker. The purpose of a CA is to issue certificates to the entity controlling a domain name, as determined by ICANN. It is troublesome to allow or encourage private entities to make arbitrary decisions second-guessing this. Of course the ICANN regime is private in itself, which creates its own problems, but adding further layers of arbitrary, unaccountable decision-making is not a gain for the openness, transparency and fairness of Internet infrastructure.
Let’s suppose, hypothetically, that Microsoft followed the proper procedure to challenge the registration by issuing a UDRP trademark complaint via ICANN. Let’s also suppose they lost. But under this contractual arrangement, this condition of their root programme, they’re still perfectly free, it seems, to try and obstruct the use of such a domain name, even if ICANN deems it legitimate. Moreover, the biggest issue with this is that such revocation orders affect all CA users, not only Microsoft users. There are various other avenues which Microsoft could pursue which are less troublesome: anti-phishing lists, revocation lists pushed to IE (I gather all browser vendors are doing this now).
Since any CA is going to want inclusion in the Microsoft root programme, this is essentially a way for Microsoft to decide what websites get to use TLS, and eventually (as use of TLS becomes essentially mandatory, especially for newer web platform features as is intended), whether websites are allowed to substantially exist. This is not necessarily a power that will be abused, but it’s also one I’d argue it’s not Microsoft’s place to possess. This also circumvents the whole CA/B Forum process of determining certificate issuance criteria.