Not every single vulnerability that gets reported is exploitable, meaning there are some that an attacker can’t use against you. Even some security experts are divided on which bugs are not actually exploitable. Microsoft’s Security Response Center vets each and every bug that’s reported for its products. Not every critical vulnerability Microsoft patches will actually get exploited by an attacker, Microsoft’s Mike Reavey says. “Just because they haven’t figured out how to exploit it today doesn’t mean they won’t,” he says.”]
Source: https://www.darkreading.com/analytics/bugs-with-no-bite