It was never patched by Microsoft.

It was a new vulnerability discovered in 2019.

It was still being exploited in 2019 despite being from 2012.

It only affected Office 365.

Microsoft Word Processing Library

Microsoft Excel Data Library

Microsoft Office Security Library

Microsoft Windows Common Control Library

Patches are always applied immediately.

Patches are often skipped and not revisited.

Patches are only available for new software.

Patches are automatically applied without user consent.

Skipping problematic patches

Enhancing antivirus software

Automatic software upgrades

Improving user interface design

Ignore older patches

Upgrade to Office 365 immediately

Review and apply all skipped updates

Disable all antivirus software

Always open files from unknown sources

Disable all security warnings

Enable editing on all files immediately

Verify the source of files before opening

Delete it without checking

Verify its origin before opening

Forward it to others

Open it immediately