It's an actively exploited critical vulnerability that allows sandbox bypasses (Chrome, etc).<p><a href="https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html" rel="nofollow">https://security.googleblog.com/2016/10/disclosing-vulnerabi...</a><p>I would certainly hope it doesn't take Microsoft 3 months to fix it.
I think the notion in the article that it's the same or even worse this time because the exploit already is found to be exploited in the wild kind of strange. Isn't it far worse to disclose an unknown 0-day publicly then disclosing something that gets exploited already anyway?