An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days after being notified.

The issue was disclosed by Mateusz Jurczyk, an engineer with Google’s Project Zero team, who initially discovered it along with other bugs in the user-mode Windows GDI library (gdi32.dll) in March 2016. Microsoft attempted to address these issues with the June 2016 set of monthly patches (security bulletin MS16-074), but apparently failed to do so.