https://www.theregister.co.uk/2018/07/23/qihoo_360_microsoft_patches/

A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched.

In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript.