Microsoft Internal Vulnerability System Breached in 2013, Went Unreported
One of the commonly stated dangers of closed source software is that bugs may not be made public and they might not get closed as there is little customer pressure to demand that non-public vulnerabilities be handled. In 2013, Microsoft's internal list of the vulnerabilities known to them was stolen in a hacking breach, but MS kept this information secret. Later, these known vulnerabilities were used in attacks on Windows machines, only in some cases had those vulnerabilities been closed. Meaning that Microsoft had known known security holes, known exposure and disclosure of those holes, and failed to alert customers or to close them before attacks happened.
Seems like par for the course...
Total fail, but not really a surprise.
Nowadays they wouldn't get away on this. Maybe Troy Hunt will say something :P