German computer science student Michael Heerklotz discovered a Windows vulnerability in the Windows shell that was exploited during the hack of Iran s Natanz uranium enrichment facility. Microsoft had patched the flaw in August 2010, and in the four-plus years since, no public reports of problems with the patch or residual effects from the vulnerability were ever heard. The vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit evades the validation checks put in place by the original Microsoft security bulletin.
Source: https://threatpost.com/details-surface-on-stuxnet-patch-bypass/111579/