A critical bug in a Microsoft scripting engine, under active attack, has been patched as part of Microsoft s Patch Tuesday security roundup. The vulnerability exists in Internet Explorer and allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page or, if they are tricked into opening a specially crafted Office document. The bug (CVE-2019-1429), first identified by Google Project Zero, is believed to be actively exploited in the wild. In total, Microsoft issued 75 CVEs that included 11 critical and 64 important bugs.
Source: https://threatpost.com/microsoft-patches-rce-bug/150136/