Internet Explorer Zero-Day Exploited in the Wild by APT Group April 20, 2018 https://www.bleepingcomputer.com/ne...-zero-day-exploited-in-the-wild-by-apt-group/
If one by now has not disabled all active content capability in Office apps, they deserve to get nailed by this. Ditto for like capable apps such as PDF readers and client e-mail apps. If you're using web based e-mail and reading your e-mail using IE, find a different browser to do so. Appears this exploit doesn't apply to Edge? Makes me believe if enhanced PM options are enabled in IE; your using Win 10; and running in Private mode which runs IE under svchost.exe - runtimebroker.exe, you also might not be vulnerable.
I agree for frequent users of this forum. Average users OTOH would not change default settings, so we can blame developer (and attackers of course).