Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs.

Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks.

Zero-day attacks using .NET Framework flaw

The zero-day is tracked as CVE-2017-8759 and is a remote code execution vulnerability that affects the .NET Framework.

"An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system," Microsoft said today. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Two FireEye researchers discovered this flaw and reported the issue privately to Microsoft. According to FireEye, a threat actor used the zero-day to deliver the FinFisher (FINSPY or WingBird) spyware to Russian-speaking individuals in July 2017.

Three public disclosures don't lead to attacks

In addition, details about three other flaws became public, but no attacker has used this information to attack Windows users.

These three flaws are CVE-2017-9417 (RCE that affects the HoloLens Broadcom chipset), CVE-2017-8746 (Device Guard bypass that allows attackers to inject malicious code into PowerShell sessions), and CVE-2017-8723 (CSP bypass in Microsoft Edge).

The CSP bypass in Microsoft Edge is different from the CSP bypass discovered by Cisco Talos that came to light last week, which Microsoft said it does not intend to fix.

BlueBorne flaw secretly patched in July, details published today

The September 2017 Patch Tuesday also includes details about CVE-2017-8628, a flaw in the Windows Bluetooth driver, also known as the BlueBorne vulnerability, said to affect over five billion Bluetooth-enabled devices.

Microsoft said it silently patched this flaw in July but withheld the details until now, to allow other software vendors to patch their products as well.

"Microsoft released security updates in July and customers who have Windows Update enabled and applied the security updates, are protected automatically," a Microsoft spokesperson told Bleeping Computer via email. "We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates."

Below is a table listing all 82 security issues fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.