It looks like third-party apps where the backdoor for this hack but its impressive all the same.http://arstechnica.com/security/2014/02/new-attack-completely-bypasses-microsoft-zero-day-protection-app/
Researchers have developed attack code that completely bypasses Microsoft's zero-day prevention software, an impressive feat that suggests criminal hackers are able to do the same thing when exploiting vulnerabilities that allow them to surreptitiously install malware.
The exploit code, which was developed by researchers from security firm Bromium Labs, bypasses each of the many protections included in the freely available EMET, which is short for Enhanced Mitigation Experience Toolkit, according to a whitepaper published Monday. Microsoft has long held out EMET as an important tool for extending the security of Windows computers. The proof-of-concept exploit shows the limitations of those protections.
Its a losing mental battle it seems to worry about such exploits, in fact many exploits only target up to date machines, unless the operating system is full of semi redundant checking code that's heavily insulated from what the user does, any cracks or chinks in the o/s armour seem to allow for all sorts of carnage, and with such carnage comes those thousands of updates that in most cases simply act as a mutating codebase,
Rule of the day ? Don't rely on anything that involves "others"