The exploit is whatever. Its almost funny it took someone this long to find it.
Its kind of irresponsible disclosure though. Even a quick email to valve detailing the bug and stating a date that you intend to publicly disclose is good enough. That gives them enough time to fix the bug before it becomes a major headache for AC teams around the world.
If they don't fix it before public disclosure, that's their fault as long as you give them reasonable time (Month or two). This sort of principle is pretty important to security research, and while we aren't security professionals, we can at least apply a bit of common sense to these situations.