A critical vulnerability in the Windows GDI (graphics device interface) that Microsoft patched in its latest round of security updates was exploited by a sophisticated attack group to escape browser-based sandboxes and remotely execute malicious code, according to Kaspersky Lab.
Link