There was an interesting update as part of today’s Microsoft Patch Tuesday, for a vulnerability that I personally had thought was already patched. The vulnerability is one discovered by security researcher Nils at the PWN2OWN event in March.
In the April Patch Tuesday, I was expecting a Microsoft update for the issue but one never came — at the time Microsoft told me that the version of IE 8 that Nils was using was not the final version of IE8 and wasn’t vulnerable.
So what happened between April and June that Microsoft is now patching for an issue that I had thought (based on what Microsoft told me) wasn’t an issue?