It has been reported that Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug.
Microsoft released an out-of-band patch for a zero-day vulnerability in Internet Explorer that has been exploited in the wild. Exploitation of this vulnerability could result in the attacker gaining arbitrary code execution under the same privileges as the current user. In the event that the current user has administrative privileges, an attacker could perform various actions on the system, from creating a new account with full privileges to installing programs or even modifying data.
To exploit the vulnerability, an attacker would have to host the exploit on a malicious website and socially engineer a user into opening that website in Internet Explorer. In the case of a targeted attack, an attacker could include a link to the malicious website in an email or in a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.