Security firm FireEye says zero-day vulnerability was used by cyber-espionage groups. The vulnerability was discovered in July 2016 by security researcher Ryan Hanson. Microsoft took almost six months to fix the three bugs, delivering patches for all three in April’s Patch Tuesday. A few days before Microsoft patched the vulnerability, news about it broke via blog posts from McAfee and FireEye, both revealing the vulnerability was under active exploitation. Fearing that a patch was coming, this group shared (most likely sold) the exploit with other crimeware groups.
Source: https://www.bleepingcomputer.com/news/security/recent-microsoft-0-day-used-for-cyber-espionage-and-mundane-malware-distribution/