It seems that only recently and with the help of IBM that Microsoft has finally managed to patch a security vulnerability that has been eluding them all this while. According to IBM researcher Robert Freeman, this is a very rare bug that has existed since Windows 95 and would allow an attacker to run code remotely when the user visits a malicious website.
The bug reportedly relies on a vulnerability found in VBScript that was introduced in Internet Explorer 3.0. It seems that it is so resilient that it has managed to prove itself impervious to Microsoft’s anti-exploitation tools, as well as the sandboxing feature of Internet Explorer 11, but we guess that’s all gone now thanks to Microsoft patching it up.
We suppose one of the reasons why it has only been fixed now is because there has not been any reports of anyone actually taking advantage of this exploit, which is why it has remained relatively hidden. The issue was originally discovered in May and was only recently made public after the patch was issued.
Like we said, no piece of software is perfect and despite many revisions, bugs and exploits can remain hidden in the most surprising places.