Microsoft on Tuesday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.