"But it still resulted in millions of websites being compromised. "
It certainly did when there was a brief reversion that reintroduced the bug and a rash of defacements having fun.
Whereas the recently-fixed MS bugs that go back unfixed as far as XP (e.g. JPG handling, again?) have been out there unfixed for how long? Affecting