Google reveals unpatched 0day vulnerability in Microsoft’s API