From the 'double checking facts' files:

There was an interesting update as part of today's Microsoft Patch Tuesday, for a vulnerability that I personally had thought was already patched. The vulnerability is one discovered by security researcher Nils at the PWN2OWN event in March.

In the April Patch Tuesday, I was expecting a Microsoft update for the issue but one never came -- at the time Microsoft told me that the version of IE 8 that Nils was using was not the final version of IE8 and wasn't vulnerable.

So what happened between April and June that Microsoft is now patching for an issue that I had thought (based on what Microsoft told me) wasn't an issue?