In its security update report, Microsoft said that Google discovered and alerted it to the flaw. According to Satnam Narang from cyber exposure company Tenable, the flaw affects IE11 for Windows 7 to Windows 10, as well as IE9 and IE10 on specific versions of Windows Server. Narang is urging users to "update their systems as soon as possible to reduce the risk of compromise" since "the flaw is being actively exploited in the wild."

Microsoft says the update fixes the issue by "modifying how the scripting engine handles objects in memory." Those who've applied the latest Windows security rollout are already protected, and Microsoft is encouraging everyone else to follow suit.