Patch Tuesday has come round, once again, with Microsoft patching a total of 82 flaws in its September batch.
Of those, 26 are rated 'critical', including a patch for an actively exploited zero-day vulnerability tied to Microsoft's .Net framework.
Security firm FireEye uncovered the zero-day flaw, which could allow attackers to "take control of an affected system" to install programmes, delete data, or create new accounts with full user rights", it claimed.
According to Microsoft, "an attacker who successfully exploited this vulnerability in software using the .Net framework could take control of an affected system.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
FireEye says that the exploit is being distributed via malicious Microsoft Office RTF document that, when opened, exploit a zero-day vulnerability in Microsoft's .Net framework to install the notorious FinSpy surveillance software, often on behalf of law enforcement agencies.
According to FireEye, the name of the document suggests the targets were Russian speaking. The spyware itself is sold by Gamma Group, a shady UK-German firm that offers the FinSpy or FinFisher 'lawful intercept' toolkit.
Microsoft's Patch Tuesday update also has a fix for BlueBorne, a widespread Bluetooth flaw discovered by security firm Armis that potentially "billions" of devices. Google has also patched the bug in its latest security update to Android, and iPhones and iPads running iOS 10 and above are protected against the threat.
In total, Microsoft released 81 security patches as part of its September Patch Tuesday affecting Windows, Internet Explorer, Edge, Exchange, .Net Framework, Office and Hyper-V.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets