VBScript hole 'fixed' in May actually left open for months
A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched. In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript. This is all according to researchers at Qihoo 360, who today claimed a security hole in the scripting engine was only partially resolved in Redmond's May Patch Tuesday, and was only permanently patched in this month's batch of fixes. Designated CVE-20...