After Microsoft Delayed Patch Tuesday, Google Discloses Windows Bug
The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll), which is a library that enables applications to use graphics and formatted text on both the video display and a local printer.
Bug received an incomplete fix in June 2016
According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074.
Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable.
Following subsequent tests, the researcher resubmitted his bug report in November, which Microsoft failed to patch in the 90 days interval Google allows vendors to fix bugs before going public with its reports.