Patch Tuesday has come round, once again, with Microsoft patching a total of 82 flaws in its September batch.
Of those, 26 are rated 'critical', including a patch for an actively exploited zero-day vulnerability tied to Microsoft's .Net framework.
Security firm FireEye uncovered the zero-day flaw, which could allow attackers to "take control of an affected system" to install programmes, delete data, or create new accounts with full user rights", it claimed.
According to Microsoft, "an attacker who successfully exploited this vulnerability in software using the .Net framework could take control of an affected system.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
FireEye says that the exploit is being distributed via malicious Microsoft Office RTF document that, when opened, exploit a zero-day vulnerability in Microsoft's .Net framework to install the notorious FinSpy surveillance software, often on behalf of law enforcement agencies.
According to FireEye, the name of the document suggests the targets were Russian speaking. The spyware itself is sold by Gamma Group, a shady UK-German firm that offers the FinSpy or FinFisher 'lawful intercept' toolkit.
Microsoft's Patch Tuesday update also has a fix for BlueBorne, a widespread Bluetooth flaw discovered by security firm Armis that potentially "billions" of devices. Google has also patched the bug in its latest security update to Android, and iPhones and iPads running iOS 10 and above are protected against the threat.
In total, Microsoft released 81 security patches as part of its September Patch Tuesday affecting Windows, Internet Explorer, Edge, Exchange, .Net Framework, Office and Hyper-V.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal