A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list