One of the two zero-day bugs is rated critical and is classified as a remote code-execution bug impacting Microsoft s Internet Explorer web browser. Another bug is a Windows-spoofing bug tied to the validation of file signatures on Windows 10, 7 8.1 and versions of Windows Server. A successful hack gives the attacker same user rights as the current user, Microsoft wrote. A typical attack vector for the bug is plant malware on a specially crafted website, compromised websites where user-provided content or advertisements are allowed.
Source: https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/