Microsoft has released an emergency patch for all versions of Internet Explorer, due to a critical vulnerability that's reportedly under active exploit. The CVE-2015-2502 vulnerability is described as a "Memory Corruption Vulnerability," and can allow for remote code execution under the active user's credentials, leading to potential exfiltration of user data. If the user has administrator permissions, an attacker can gain complete control over the system.
According to the company, all a user has to do is visit a specially-crafted website for the exploit to be triggered. All Internet Explorer versions from 7 to 11 are affected, and the vulnerability is rated "Critical" for all current supported operating systems (Windows Vista to Windows 10.) For server versions of Windows, Microsoft uses the "Moderate" rating, since Internet Explorer runs in Restricted mode by default on those operating systems.
All users are advised to install the update immediately, either via Windows Update or direct download from the MS15-093 Security Bulletin page.