So it appears that Microsoft has released an “out of band” update aimed to patch a vulnerability in Internet Explorer which would cause a user’s PC to get infected upon visiting a bad website using the legacy browser.
As stated by Microsoft:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
This security issue affects Internet Explorer 9 to 11 on all supported client and server versions of Windows. Specifically, it fixes the problem on devices running Windows 7, Windows 8.1 and Windows 10, and Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Server 2016, and Windows Server 2019.
The update is available as a cumulative update for Internet Explorer and Windows. Microsoft enabled the update on Windows Update already but it can also be downloaded from the Microsoft Update Catalog website and for those in the corporate patching world can be found on SCCM/WSUS catalogs.
Microsoft Update Catalog website links:
If you decide to install the patch, be aware that Microsoft has a history of releasing “emergency” fixes only to have them wreak havoc on the PCs they get installed on so please proceed with caution!