A past ISU graduate, Ryan Hanson, discovered the critical Microsoft Word vulnerability (that later reached major media attention through McAfee and FireEye security firms) back in October while working for Optiv security group. While he had informed Microsoft six months ago, because the company failed to find an effective way to deal with the problem, hackers were able to figure out the vulnerability through an unknown process and began exploiting it in January. The problem became greater when McAfee publically released the existence of the vulnerability before the patch was released on April 11th.
Refer to the full story on Reuters here for more details.