Microsoft issued a massive batch of software patches for Windows on April 11. One fixed a zero-day vulnerability in Word that can allow an attacker to bypass Windows security protections and install malware. The flaw, designated CVE-2017-0199, is serious: It affects all previous versions of Windows including Windows 10. While a security researcher privately disclosed the flaw to Microsoft in October 2016, Microsoft took more than five months to prep a related patch. The longer a company waits to fix a bug, the greater the chance that more people with malicious intent will discover the bug and begin capitalizing on it.”]
Source: https://www.cuinfosecurity.com/blogs/did-microsoft-drop-ball-on-word-zero-day-flaw-p-2448