Every month, Google pushes out a new security patch to fix vulnerabilities found in Android. The purpose of this is to help keep Android secure, or as secure as possible. However, there is a pretty critical vulnerability in Android that was not fixed in the November 2016 patch, that just began rolling out yesterday. This vulnerability is referred to as 'Dirty Cow' and it's a flaw that allows apps to bypass some of the key security protections in the OS.
Now that we know that it isn't being fixed, yet, the next question is how many users are affected? Basically, everyone using an Android device. You see, Dirty Cow was introduced into the Linux kernel way back in 2007. Which was before Google began incorporating it into Android. Which means every version of Android is affected, even the very early versions. Therefore it is a pretty important vulnerability that does need to be fixed.
Unlike other vulnerabilities, this one is actually public and has been tested out in the wild already, so users will need to proceed with caution here. In fact, this vulnerability is being exploited by many users, so that they are able to root their smartphone. Now it's important to note that just because Google rolls out security patches every single month, that doesn't mean that all of the vulnerabilities on these devices are being fixed in these patches. There are some being left behind for one reason or another. It's hard to say exactly why Google didn't fix this vulnerability in the November patch, but it could be due to the fact that they haven't figured out a way to patch it just yet.
There's no confirmation on whether or not the December 2016 patch will get the patch to fix this vulnerability or not. We shall see in a few short weeks when Google rolls out the next security patch to Nexus and Pixel devices. Keep in mind that OEMs can roll out their own security patches in the meantime. But as of right now, none of them have rolled out a patch to fix the Dirty Cow exploitation.