The flaw could allow an attacker to take control of a system through a specially crafted website, or by sending out spam email messages.
Microsoft originally planned to release the patch on 10 October, as part of its monthly patch release cycle. The vendor issues 'out-of-band' updates in rare cases if it helps to halt active attacks.
The VML vulnerability surfaced last week when a small group of websites in Russia started exploiting the unpatched vulnerability.
The abuse of the vulnerability became widespread over the weekend after the exploit was included in a malware toolkit known as 'WebAttacker'.
Users who have applied a third-party workaround need to undo those changes before the patch can be applied.
Security experts recommend that users apply the patch as soon as possible. The update can be obtained through the built-in auto-update feature in Windows or from the Microsoft Update website.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally