Some vulnerabilities are more about weak controls than weak configurations or broken software. Here’s the latest:

"However, at least one industry expert said that Positive’s report of the threat may not be completely fair to Microsoft. Peter Lindstrom, a research director at Spire Security, observed that the Data Execution Protection vulnerability is unlikely to be seized upon by hackers. It relates more to core security issues with the design of many different kinds of software, not just tools made by Microsoft, he said.

"Maybe you could classify this problem as a lost opportunity on Microsoft’s part to protect Windows better, but that doesn’t make it a vulnerability," Lindstrom said."