While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.
Basically, if someone was spoofing MS we'd all be sending the data BACK to MS and not the spoofer, get it? So if it's not MS IP's doing this then it's actually someone engaging all of our servers to mount and attack against MS and even 403 errors send packets.
I'm still in the camp that thinks it's a) a MS project of some sort of b) a proxy service being abused.
Blocking it will probably have no repercussions unless it's an cloaking checker.
I'm running reverse cloaking so if any of the content collected from those IPs is actually used I'll know about it and let you know if it ever appears.