Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google s Threat Analysis Group when they saw the vulnerability being used in targeted attacks. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This means that attackers can utilize this feature in exploit kits or by compromising legitimate sites and adding code that exploits the vulnerability. Microsoft has told BleepingComputer that they have nothing further to add and Google has not responded as of yet.
Source: https://www.bleepingcomputer.com/news/security/microsoft-releases-out-of-band-security-update-for-internet-explorer-rce-zero-day/