An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. The bug (CVE-2020-0674) exists in the way that the jscript.dll scripting engine handles objects in memory in the browser. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. A patch won’t be released until next month s Patch Tuesday, Microsoft said. The in-the-wild attacks are likely the work of the Asian APT known as Darkhotel.
Source: https://threatpost.com/microsoft-zero-day-actively-exploited-patch/152018/