There are two reasons for saying such things.

1. Microsoft itself finds bugs and upgrades it when any such attack is observed.
2. You can easily make such an exception that could lead to a very severe attack.