Microsoft took two years to fix a Windows critical security vulnerability