Microsoft is no stranger to vulnerabilities, so the above conditions don't apply. Worse, what Google found, and reported to Microsoft more than 90 days ago, was a problem with an existing patch. According to MITRE's CVE database, the new Microsoft vulnerability is a result of "an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220."
Mateusz Jurczyk with Google Project Zero wrote in a technical description, "As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we've discovered that not all of the DIB-related problems are gone."
With the new vulnerability, Jurczyk said, "It is possible to disclose uninitialized or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker. I have confirmed that the vulnerability reproduces both locally in Internet Explorer, and remotely in Office Online, via a .docx document containing the specially crafted EMF file."
Perhaps there's a clue in that the vulnerability touches upon both Internet Explorer and Outlook. Microsoft previously said it was changing its Patch Tuesday releases as of February 2017, releasing Internet Explorer's updates in a separate package from the OS fixes. So it's ironic that there was no February 2017 Patch Day.