An advanced persistent threat (APT) is using a zero-day vulnerability in the Internet Explorer kernel code to infect victims with malware. Researchers from Chinese antivirus maker Qihoo 360 Core have reported the issue to Microsoft this week. The attack involves the use of a public UAC bypass, reflective DLL loading execution, fileless execution, and steganography. Microsoft has not confirmed or denied the findings, and recommends customers use Windows 10 and the Microsoft Edge browser for the best protection.
Source: https://www.bleepingcomputer.com/news/security/internet-explorer-zero-day-exploited-in-the-wild-by-apt-group/