https://www.theregister.co.uk/2019/09/23/microsoft_internet_explorer_cve_2019_1367/

Microsoft today issued a rare emergency security update for Internet Explorer to address a critical flaw in the browser that's being exploited right now in the wild.

Redmond says the vulnerability, a scripting-engine memory-corruption bug designated CVE-2019-1367, can be abused by a malicious webpage or email to achieved remote code execution: that means Windows PCs can be hijacked by viewing a suitably booby-trapped website, or message, when using Internet Explorer. Malware, spyware, and other software nasties can be injected to run on the computer, in that case.