Microsoft issued an emergency out-of-band update on Tuesday to fix a critical vulnerability (CVE-2015-2502) being actively exploited in the wild and affecting all versions of Internet Explorer from IE 7 through 11.