A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, new analysis notes. The vulnerability in question exists in Microsoft s Internet Explorer, and at the time of writing remains unpatched, though Microsoft said it was looking into the bug report. The attack on researchers had come to light a few days earlier, when researchers at South Korean consultancy ENKI identified a zero day exploit that it said was used in the researcher attack. Microsoft has acknowledged ENKI’s report and issued a short statement: We will provide updates for impacted devices as soon as possible
Source: https://threatpost.com/exploit-details-unpatched-microsoft-bug/164083/