Microsoft has just released an emergency security update to fix a zero-day vulnerability in Internet Explorer. A zero-day vulnerability means that this is the first time it has come to public attention, but there is always a possibility that cybercriminals may have independently discovered the vulnerability previously, and that they could have used it in attempting to breach organisations. As the vulnerability was previously unknown, attempts to exploit it would likely not have been detected by antivirus software.
Now that the word is out, you should update your systems as soon as possible. Attackers now know about it, and many will be rushing to try and exploit it before businesses can respond and plug the hole.
You will need to manually apply this patch as the scheduled release is not until January.
You can read the security notice at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653