I really thought it was April Fools already, then I realized it was Microsoft we are talking about.

The company I worked for had yearly pen tests and security audits done. Every year they found a vulnerability that the boss would not fix since the cost was new hardware due to a program that was written that required upgrade. Poor Code left the door open on the network, luckily it was never exploited that we know of. Essentially it was a Ruby Gem that was outdated and the whole program would need to be recoded to fix the vulnerability. From the Network perspective the Routers, Firewalls and Hypervisors were patched regularly but the software that had access through them had a huge hole.... Leaving anyone that used the software a potential target to get through.

Deep Blue Sea....